
I'm trying to come up with a cheap out-of-band solution for my Cisco routers in our data center. I want to be able to access them directly from the console remotely, so if they are not accessible from the LAN, due to a misconfiguration or any other reason, I can still access them.

Here is what I want to do:

  • Put a 4 or 8 port COM card like this one in a Windows computer.
  • Connect the computer via rollover cables to the Cisco routers.
  • Redirect telnet/ssh traffic to different routers via different port numbers. For example, if I ssh into this PC on port 9001, the ssh session will be redirected to COM1, which is connected to router 1 via a rollover cable.

What I'm not sure about is how to redirect telnet/ssh traffic. Will I need some kind of 3rd party software for this?

Are there any issues I would have by doing this, or is there a more appropriate way to accomplish this?

red888

You should use a router as a terminal server - that is the most appropriate and common way of accomplishing what you're attempting to do.

Buy this part #: CISCO2901-16TS/K9 (includes the router, the HWIC card, and the cables)

Here's a forum post where some configuration advice is given: https://supportforums.cisco.com/discussion/11497881/cisco-2901-terminal-server-configuration

I really wouldn't recommend trying to roll your own PC solution; the last thing you want is your out-of-band critical access system to be down when you need it most.

Jason Seemann

If you really want to keep out of band access to your router in case you break the config, consider:

  1. If you break the config on your router, what are the chances that you're going to be able to access your PC remotely in order to get into the router anyway?
  2. What are the chances of you doing something that locks you out of the router by SSH anyway?

If you still think you need this, then I would suggest something like a dedicated serial port console, or for something smaller a single RS232-over-IP. Then you don't need to worry too much about doing port forwarding and binding magic.

I eventually just used comm2ip and modified the program to support more com ports (it only supports 5 out of the box).

It is installed on a Windows box with a bunch of rollover cables connected from the PC to Cisco routers. You ssh into the box and are redirected, based on the port, to a serial port.

This is not a very enterprise-y solution, and we should be using a terminal server as others suggested, but we understand the risks.

red888
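As an added example (not comm2ip and not code from anyone in this thread), here is a minimal Python port-to-serial bridge of the kind the question and this answer describe: each listening TCP port maps to one COM port, and the listener binds to loopback so the only network-facing service on the box is SSH, with an operator reaching a console through a local port forward. The real device is assumed to be a pyserial `serial.Serial` object opened with a blocking read; the `LoopbackSerial` stand-in and the port mapping are constructed so the demo runs without hardware.

```python
import socket
import threading
# TCP listening port -> serial device (constructed sample; COMn on Windows, /dev/ttyUSBn on Linux).
PORT_MAP = {9001: "COM1", 9002: "COM2", 9003: "COM3", 9004: "COM4"}

def bridge(client, ser):
    """Relay both ways between a client socket and a pyserial-style port until one side
    closes (`ser` needs blocking read(n), write(data) and in_waiting, like serial.Serial)."""
    done = threading.Event()
    def relay(reader, writer):  # copy chunks until reader() returns b'' (EOF)
        try:
            for chunk in iter(reader, b""):
                writer(chunk)
        finally:
            done.set()
    for reader, writer in ((lambda: client.recv(4096), ser.write),
                           (lambda: ser.read(ser.in_waiting or 1), client.sendall)):
        threading.Thread(target=relay, args=(reader, writer), daemon=True).start()
    done.wait()
    client.close()

def serve(port, open_serial):
    """Accept console clients on `port` one at a time and bridge each to its device. Loopback
    only: the box exposes SSH and operators use `ssh -L 9001:127.0.0.1:9001 console-pc`."""
    device = PORT_MAP[port]  # KeyError for an unmapped port is the right failure
    with socket.create_server(("127.0.0.1", port)) as srv:
        while True:
            client, _ = srv.accept()
            bridge(client, open_serial(device))

class LoopbackSerial:
    """Offline stand-in for a serial port: echoes writes back, as a console line echoes
    typed characters (constructed for the demo, not a real device)."""
    in_waiting = 0
    def __init__(self):
        self._tx, self._rx = socket.socketpair()
    def read(self, size): return self._rx.recv(size)
    def write(self, data): self._tx.sendall(data)

def demo(command=b"show version\r\n"):
    """Push a command through the bridge with no hardware; return the router-side echo."""
    client_end, bridge_end = socket.socketpair()
    threading.Thread(target=bridge, args=(bridge_end, LoopbackSerial()), daemon=True).start()
    client_end.sendall(command)
    echoed = b""
    while len(echoed) < len(command):
        echoed += client_end.recv(4096)
    client_end.close()
    return echoed
```

With pyserial installed, `serve(9001, lambda dev: serial.Serial(dev, 9600))` is the real deployment shape; one such listener per mapped port.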