1

I'm trying to come up with a cheapo out of band solution for my Cisco routers in our data center. I want to be able to access them directly from the console remotely so if they are not accessible from the LAN, due to a mis-configuration or any other reason, I can still access them.

Here is what I want to do:

  • Put a 4 or 8 port COM card like this one in a Windows computer.
  • Connect the computer via rollover cables to the Cisco routers
  • Redirect telnet/ssh traffic to different routers via different port numbers. For example, if I ssh into this PC on port 9001 the ssh session will be redirected to COM1, which is connected to router 1 via a rollover cable.

What I'm not sure on is how to redirect telnet/ssh traffic. Will I need some kind of 3rd party software for this?

Are there any issues I would have by doing this or is there a more appropriate way to accomplish this?

red888
  • Sounds fine. I'd stay away from Windows for this though. – Hyppy Mar 31 '15 at 19:09
  • If you do use Windows you could simply RDP to the machine and use something like HyperTerminal to connect to each router via its connected COM port without the need for any SSH redirection. – joeqwerty Mar 31 '15 at 19:23
  • Yes, but with redirection I can access it with an ssh client from any device instead of having to RDP into it first and then ssh into a router. The only requirement I have is that the PC connected to the routers be a Windows PC; the devices accessing the PC might not be Windows. – red888 Mar 31 '15 at 19:37
  • This can be done really easily with Linux. –  Apr 02 '15 at 01:11

3 Answers

2

You should use a router as a terminal server - that is the most appropriate and common way of accomplishing what you're attempting to do.

Buy this part #: CISCO2901-16TS/K9 (includes the router, the HWIC card, and the cables)

Here's a forum post where some configuration advice is given: https://supportforums.cisco.com/discussion/11497881/cisco-2901-terminal-server-configuration

I really wouldn't recommend trying to roll your own PC solution; the last thing you want is your out-of-band critical access system to be down when you need it most.

Jason Seemann
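
The port-per-router mapping from the question, expressed as an IOS terminal-server configuration restricted to SSH from a management subnet. This is an added example, not part of the answer above or of the linked forum post. The line numbers (0/0/0, 0/0/1), ACL number, subnet and baud rate are assumptions to adapt, and it presumes the SSH server (hostname, domain name, RSA key) and a local user are already configured and `aaa new-model` is not in use.

```cisco
! Constructed example: addresses, ACL number and line numbers are assumptions.
! Check "show line" on the terminal server for the real async line numbers.
!
! Only the management subnet may open sessions to the console lines.
access-list 10 permit 192.0.2.0 0.0.0.255
!
! One TCP port per attached device: SSH to 9001 lands on rotary group 1,
! SSH to 9002 on rotary group 2.
ip ssh port 9001 rotary 1
ip ssh port 9002 rotary 2
!
! Async line cabled to the console port of router 1
line 0/0/0
 rotary 1
 ! No local shell on the line; it only carries reverse sessions.
 no exec
 ! Authenticate against the local user database before bridging.
 login local
 ! Weak alternative to avoid: "transport input all" or "transport input telnet",
 ! which carries console credentials in clear text.
 transport input ssh
 access-class 10 in
 ! Drop idle sessions so a forgotten client does not hold the console.
 session-timeout 15
 ! Cisco console ports default to 9600 8N1.
 speed 9600
 stopbits 1
!
! Async line cabled to the console port of router 2
line 0/0/1
 rotary 2
 no exec
 login local
 transport input ssh
 access-class 10 in
 session-timeout 15
 speed 9600
 stopbits 1
```

Because the session-timeout only closes the connection to the terminal server, setting an `exec-timeout` on each attached router's `line con 0` keeps a privileged console session from being left open for the next person who connects.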
1

If you really want to keep out of band access to your router in case you break the config, consider:

  1. If you break the config on your router, what are the chances that you're going to be able to access your PC remotely in order to get into the router anyway?
  2. What are the chances of you doing something that locks you out of the router by SSH anyway?

If you still think you need this, then I would suggest something like a dedicated serial port console, or for something smaller a single RS232-over-IP. Then you don't need to worry too much about doing port forwarding and binding magic.

Mark Henderson
  • Forgive my ignorance but the SN0116 you linked to has only rj45 jacks. It must come with special cables that will allow me to connect it to the routers' console ports right? I thought you could only connect to them with rollover cables. – red888 Apr 02 '15 at 02:46
  • @red888 the device has published pinouts. You could easily connect the 8P8C connector on the device to the 8P8C connector on Cisco (and many other) devices. In fact, you'll notice that the pinouts of the console match the pinouts of the 8P8C end of a rollover cable. A straight-through CAT5 cable would go straight in and work out of the box. – Mark Henderson Apr 02 '15 at 09:44
  • Apologies, on closer inspection they're actually not identical, but you could patch something easy enough to make it work. – Mark Henderson Apr 02 '15 at 09:45
1

I eventually just used comm2ip and modified the program to support more com ports (it only supports 5 out of the box).

It is installed on a Windows box with a bunch of rollover cables connected from the PC to Cisco routers. You ssh into the box and are redirected, based on the port, to a serial port.

This is not a very enterprise-y solution, and we should be using a terminal server as others suggested, but we understand the risks.

red888