What are folks using for serial consoles these days?
Hey there folks.

Dayjob has historically used USB TTY pods attached to real BSD machines to talk to our cisco consoles, with the amazing benefit that with a program like Vixie's rtty (or conserver) you can also capture the output of those consoles in real-time, and perhaps use that data to identify a connected device.

As a bonus, because the rackmount devices have real DE-9's on them, it means they work with any kind of cable you get (not just your standard rj45 cisco rollover like you might get with a Cyclades thing -- and you don't have to come up with the weird-ass mappings for rj45-serial like you might need like our ME4012 NAS (the serial cable is a stereo plug), our smart power strips (it's either a stereo plug, or an rj12), or something like an older brocade switch (it's a DE9, but it's friggin ODD, and I think it may also be the wrong gender).

It also means, since you're running a real OS, you have patches as long as the OS is supported (so you're not stuck with "gee it only speaks rsa1024"), versus some EOL appliance. But it's also 2u, and since we're recently buying a lot of Dell hardware, that's Super Overkill for a dell, so I'm evaluating maybe just going "Appliance".

If we stick with an existing unix box for this, I'd want something with proper IPMI/OOB (so Rpi is out) but maybe the dumbest, shallowest-depth atom64 supermicro you can find, in the event you need to do a reinstall or catch a hung system.

Are there things that other folks are using that are "easy" to work with that you've found to have Long firmware lives, decent warranties and low hassle? Does anything these days actually have DE9s on it?

-Dan

(You may have also seen my note earlier about the Cisco ASR920, which has RS232 pins in a USB-A header. No, not via a PL2032 chip inside the host that provides a virtual serial...direct txd/rxd/gnd/cts etc, on the USB pins. I've seen things you people wouldn't believe)
On 12/17/25 19:51, Dan Mahoney via NANOG wrote:
> Hey there folks.
>
> Dayjob has historically used USB TTY pods attached to real BSD machines to talk to our cisco consoles, with the amazing benefit that with a program like Vixie's rtty (or conserver) you can also capture the output of those consoles in real-time, and perhaps use that data to identify a connected device.
>
> As a bonus, because the rackmount devices have real DE-9's on them, it means they work with any kind of cable you get (not just your standard rj45 cisco rollover like you might get with a Cyclades thing -- and you don't have to come up with the weird-ass mappings for rj45-serial like you might need like our ME4012 NAS (the serial cable is a stereo plug), our smart power strips (it's either a stereo plug, or an rj12), or something like an older brocade switch (it's a DE9, but it's friggin ODD, and I think it may also be the wrong gender).
It's the wrong gender. It's a DCE pinout on a male connector that's usually used for the DTE. IDK why they did that, and of course they never fixed it because we can't change that sort of thing. That's the only thing "wrong" with it. I know it all too well. You need a null modem cable or adapter AND a gender changer to get to it.
> It also means, since you're running a real OS, you have patches as long as the OS is supported (so you're not stuck with "gee it only speaks rsa1024"), versus some EOL appliance. But it's also 2u, and since we're recently buying a lot of Dell hardware, that's Super Overkill for a dell, so I'm evaluating maybe just going "Appliance".
>
> If we stick with an existing unix box for this, I'd want something with proper IPMI/OOB (so Rpi is out) but maybe the dumbest, shallowest-depth atom64 supermicro you can find, in the event you need to do a reinstall or catch a hung system.
A small Supermicro with a Xeon-D or Epyc 2005 series (which are probably still in the works; I have an older Epyc 3151 board that works great, though) is probably a decent option. Should be reasonably cheap; power can be kept to about 50-60W max; they do have IPMI BMC, and can get a real PCI slot or two for "real" multi-serial cards. They readily fit in 1U. Something like this can also easily handle VPN access to your OOB Ethernet, take a USB-connected cheap LTE/5G modem, etc.
> Are there things that other folks are using that are "easy" to work with that you've found to have Long firmware lives, decent warranties and low hassle? Does anything these days actually have DE9s on it?
Depending on the environment, an old Cisco router like a 28xx/29xx with either an NM-16A/32A or HWIC-8A/16A or SM-32A is a very viable option. They're EOL, and I'd not put them on a raw, unfiltered Internet connection, but they offer a lot of options for VPN access to your OOB network (an old ESW module is useful for this) along with the serial ports in a single box, and you'll pay more for the serial breakout cables than you will for the rest of the hardware. You can SSH to them and use whatever line you want, or you can map SSH ports (or telnet ports if you're that kind of person) to individual serial lines (or both). The SSH server...kinda sucks, though. It'll do RSA2048 key exchange (slowly), but the hash algorithms and DH groups it supports are archaic. The pinout on the serial cables is, of course, Cisco which, while not the EIA standard, is as you alluded to the most popular one, so it'll plug directly into most things that have an 8P8C for serial, and adapters to DE-9 are readily available as well. I can't say I'm a Cisco fan, but these old boxes, despite being well past their prime in terms of intended usage, are still quite useful in corners like this, and they're very cheap on the secondary market. There's no modern cellular radio module for them, though I've heard it's possible to get USB-connected ones to work on the 29xx series.
Once upon a time, Brandon Martin <lists.nanog@monmotha.net> said:
> It's the wrong gender. It's a DCE pinout on a male connector that's usually used for the DTE. IDK why they did that, and of course they never fixed it because we can't change that sort of thing.

I remember a few such devices from before most everybody switched over to Cisco-ish 8P8C connectors. I think Ascend TNTs were backwards? And then there were some 8P8C that were backwards (IIRC some Adtran gear?), needing a rollover adapter to work with the typical Cisco-compatible cables.

It'd be nice if network vendors could spend an extra couple of bucks to put a basic IPMI BMC on the management network interface, with serial over LAN and remote power cycle support.

-- Chris Adams <cma@cmadams.net>
On Dec 17, 2025, at 6:51 PM, Dan Mahoney via NANOG <nanog@lists.nanog.org> wrote:
> Are there things that other folks are using that are "easy" to work with that you've found to have Long firmware lives, decent warranties and low hassle? Does anything these days actually have DE9s on it?
I’m not sure if it meets your requirements for being supported by a vendor and all that, but the things that actually see the most use at my end of the wire are genuine terminals. Most recently I added a LA120 that has been repaired a few times by both its past owners and myself. I found a supplier that will sell me newly manufactured ribbon in bulk, and I can 3D print the ribbon spools. It’s running such a ribbon right now. The paper can still be ordered from office supply houses, the firmware is never going to get updated, the warranty is “can I still get TTL parts?”, and while it does not have a DE9 it does have a DB25. As long as the paper doesn’t run out the log is immutable, and I can tear it off and write notes on it if I want. Then carry it around and/or copy it and give the copies out as needed. To accomplish remote access, I have a passive RS-232 sharing device from Black Box that has one “master” port and several “terminal” ports. The receive data line from the “master” port is duplicated on the “terminal” ports and the transmit line from the terminal ports is logically or'd onto the master port. Thus I can hang two or three whatever-the-heck-I-wants in line with the LA120. Dirt simple - it doesn’t even have a power supply, it’s powered by the serial devices themselves - and allows for redundancy if the modern stuff attached to it fails to be as reliable as the LA120. This is kinda sad if you think about it because in its day the LA120 was not noted for its great longevity, and mine is almost as old as I am... While all this stuff is highly obsolete, there’s no reason stuff today shouldn’t be this painless. The Black Box device is trivial in design, you’d just have to make it DE9 instead of DB25 for modern stuff. There are several efforts to make an open-source printer with modern parts and it would be relatively simple to add a keyboard to one and obtain a terminal. 
The firmware should not have to do anything fancy that would make frequent updates a necessity. Keep it simple and keep it focused. If your terminals are as hard to maintain as a host, and have the same attack surface as a host, all you have gained is another host you have to manage, and that’s probably not your goal.
Dan

I have stacks and stacks of serial console servers. Today I mostly use an https://www.coolgear.com/product/32-port-rs-232-usb-to-serial-adapter with some pictures of the guts at https://lathama.net/Tech/Hardware/USB-32COM-RM if interested. It is my solution to a quick build of an https://freetserv.github.io/

(I have seen some things)
-- - Andrew "lathama" Latham -
Up until recently I was using the Raritan Dominion SX II models. Dual PSU, dual NIC, and configurations ranging from 4 to 48 ports. However, Raritan has just discontinued that as of June. It is unclear how long they will continue to provide security patches.

They are recommending customers switch to the ZPE Systems Nodegrid Serial Consoles. It looks to be much the same, but I haven't had a chance to test one yet. The only difference I've noticed is the ZPE device seems to have an embedded 5G cellular module.
On Dec 18, 2025, at 6:34 AM, Andrew Latham <lathama@gmail.com> wrote:
> Dan
>
> I have stacks and stacks of serial console servers. Today I mostly use an https://www.coolgear.com/product/32-port-rs-232-usb-to-serial-adapter with some pictures of the guts at https://lathama.net/Tech/Hardware/USB-32COM-RM if interested. It is my solution to a quick build of an https://freetserv.github.io/

This is exactly what we're currently doing, and at the moment I'd like to find something minimal to replace the Dell R430s (one in each cabinet) that's driving it, but something that still has an ilom in case it dies at the worst possible time. Which, murphy being murphy....

-Dan
Dan

I have some PCEngines APU4s in use that are built to another level. Sadly they are end of life. I am sure there might be some current industrial solutions that last.

On Thu, Dec 18, 2025 at 7:44 AM Dan Mahoney <danm@prime.gushi.org> wrote:
> On Dec 18, 2025, at 6:34 AM, Andrew Latham <lathama@gmail.com> wrote:
>> Dan
>>
>> I have stacks and stacks of serial console servers. Today I mostly use an https://www.coolgear.com/product/32-port-rs-232-usb-to-serial-adapter with some pictures of the guts at https://lathama.net/Tech/Hardware/USB-32COM-RM if interested. It is my solution to a quick build of an https://freetserv.github.io/
>
> This is exactly what we're currently doing, and at the moment I'd like to find something minimal to replace the Dell R430s (one in each cabinet) that's driving it, but something that still has an ilom in case it dies at the worst possible time. Which, murphy being murphy....
>
> -Dan
-- - Andrew "lathama" Latham -
Matt

Some open software would really keep a lot of this stuff out of the trash. I have Cyclades and Lantronix stuff on a shelf that works. I got tired of maintaining a box-in-the-middle to deal with ssh ciphers.

On Thu, Dec 18, 2025 at 7:43 AM Matt Brennan <brennanma@gmail.com> wrote:
> Up until recently I was using the Raritan Dominion SX II models. Dual PSU, dual NIC, and configurations ranging from 4 to 48 ports. However, Raritan has just discontinued that as of June. It is unclear how long they will continue to provide security patches.
>
> They are recommending customers switch to the ZPE Systems Nodegrid Serial Consoles. It looks to be much the same, but I haven't had a chance to test one yet. The only difference I've noticed is the ZPE device seems to have an embedded 5G cellular module.
-- - Andrew "lathama" Latham -
On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote:
> Matt
>
> Some open software would really keep a lot of this stuff out of the trash. I have Cyclades and Lantronix stuff on a shelf that works. I got tired of maintaining a box-in-the-middle to deal with ssh ciphers.

Have cipher suites really changed that much in the last 20 years or so? After the sha1 kerfuffle and needing to up RSA key sizes, has there been much change?

Or are you talking about some seriously old kit that predates that?

Mike, out of the loop
Mike

Yes and Yes. I have some seriously old stuff and often corporate standards move forward faster than vendor updates.

HTTPS - lack of updated CA data can cause issues when the user can not update the data.

SSH - Some offers of legacy ciphers/algorithms can be flagged by security sweeps.

I am sure I could go down a rabbit hole. There are devices that work but get flagged for how they work within tight controls.

On Thu, Dec 18, 2025 at 2:05 PM Michael Thomas via NANOG <nanog@lists.nanog.org> wrote:
> On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote:
>> Matt
>>
>> Some open software would really keep a lot of this stuff out of the trash. I have Cyclades and Lantronix stuff on a shelf that works. I got tired of maintaining a box-in-the-middle to deal with ssh ciphers.
>
> Have cipher suites really changed that much in the last 20 years or so? After the sha1 kerfuffle and needing to up RSA key sizes, has there been much change?
>
> Or are you talking about some seriously old kit that predates that?
>
> Mike, out of the loop
-- - Andrew "lathama" Latham -
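The algorithm-offer check behind the "flagged by security sweeps" point above, as an added example that is not part of the thread: it parses a server's SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) and reports which categories offer only legacy algorithms, which is where a current client needs a per-host override or a box in the middle. The legacy policy and both sample offers are constructed assumptions, not taken from any device named in this thread.

```python
"""Audit an SSH server's algorithm offer (SSH_MSG_KEXINIT, RFC 4253 section 7.1)."""
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of the message, in wire order.
FIELDS = ("kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Signalling entries that ride in the kex list but are not key exchanges.
PSEUDO_KEX = {"ext-info-s", "ext-info-c",
              "kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}


def parse_kexinit(payload: bytes) -> dict:
    """Return {field: [algorithm, ...]}; raise ValueError on malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 17  # 1 message-type byte + 16-byte cookie
    offer = {}
    for field in FIELDS:
        if off + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError(f"name-list {field} overruns the payload")
        raw = payload[off:off + length].decode("ascii")
        offer[field] = raw.split(",") if raw else []
        off += length
    if len(payload) - off < 5:
        raise ValueError("missing first_kex_packet_follows / reserved field")
    return offer


def is_legacy(category: str, name: str) -> bool:
    """Constructed site policy (an assumption for this example, not a standard)."""
    if category == "kex":
        return name.endswith("-sha1")
    if category == "host_key":
        return name in ("ssh-rsa", "ssh-dss")
    if category == "cipher":
        return name.endswith("-cbc") or name.startswith("arcfour") or name == "none"
    if category == "mac":
        return "md5" in name or "sha1" in name
    return False


def audit(offer: dict) -> dict:
    """Per category: which offered algorithms are legacy, and is anything else on offer?"""
    merged = {
        "kex": [a for a in offer["kex"] if a not in PSEUDO_KEX],
        "host_key": offer["host_key"],
        # Both directions merged, order kept, duplicates dropped.
        "cipher": list(dict.fromkeys(offer["cipher_c2s"] + offer["cipher_s2c"])),
        "mac": list(dict.fromkeys(offer["mac_c2s"] + offer["mac_s2c"])),
    }
    report = {}
    for category, names in merged.items():
        legacy = [n for n in names if is_legacy(category, n)]
        report[category] = {"legacy": legacy,
                            "modern_available": len(legacy) < len(names)}
    return report


def needs_client_override(report: dict) -> list:
    """Categories where a client that refuses legacy algorithms cannot negotiate."""
    return [c for c, r in report.items() if not r["modern_available"]]


def build_kexinit(lists: dict) -> bytes:
    """Build a payload for the constructed samples below (all-zero cookie)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        raw = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)


# Constructed sample: the kind of offer an unpatched console server might make.
_OLD_CIPHERS = ["aes128-cbc", "3des-cbc", "aes128-ctr"]
_OLD_MACS = ["hmac-md5", "hmac-sha1"]
LEGACY_PAYLOAD = build_kexinit({
    "kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
    "host_key": ["ssh-rsa"],
    "cipher_c2s": _OLD_CIPHERS, "cipher_s2c": _OLD_CIPHERS,
    "mac_c2s": _OLD_MACS, "mac_s2c": _OLD_MACS,
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})
# Constructed sample: a currently maintained server.
_NEW_CIPHERS = ["chacha20-poly1305@openssh.com", "aes256-ctr"]
_NEW_MACS = ["hmac-sha2-256", "hmac-sha2-512"]
MODERN_PAYLOAD = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256",
            "kex-strict-s-v00@openssh.com"],
    "host_key": ["ssh-ed25519", "rsa-sha2-512"],
    "cipher_c2s": _NEW_CIPHERS, "cipher_s2c": _NEW_CIPHERS,
    "mac_c2s": _NEW_MACS, "mac_s2c": _NEW_MACS,
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

if __name__ == "__main__":
    for label, payload in (("legacy", LEGACY_PAYLOAD), ("modern", MODERN_PAYLOAD)):
        report = audit(parse_kexinit(payload))
        print(label, "needs override for:", needs_client_override(report))
```
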
Largest vendor kit that only went EOL 2 years ago needs special config to allow DH algorithm that has been deprecated on the version of openssh in a MacOS that is older++ than the OS image on the kit

What has changed in the last 20 years is cryptanalysis leading to feasible attacks in minutes with a decent GPU - oh and the whole post-quantum encryption stuff and tonnes of cryptography hotness running through cfrg

Wouldn’t be a problem if security added shareholder value but stuff like fortinet/barracuda/salt typhoon has ably demonstrated that the market careth not so why should the vendors?

/rant
On 18 Dec 2025, at 21:05, Michael Thomas via NANOG <nanog@lists.nanog.org> wrote:
> On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote:
>> Matt
>>
>> Some open software would really keep a lot of this stuff out of the trash. I have Cyclades and Lantronix stuff on a shelf that works. I got tired of maintaining a box-in-the-middle to deal with ssh ciphers.
>
> Have cipher suites really changed that much in the last 20 years or so? After the sha1 kerfuffle and needing to up RSA key sizes, has there been much change?
>
> Or are you talking about some seriously old kit that predates that?
>
> Mike, out of the loop
On Wed, Dec 17, 2025, 19:51 Dan Mahoney via NANOG <nanog@lists.nanog.org> wrote:
Hey there folks.
Dayjob has historically used USB TTY pods attached to real BSD machines to talk to our cisco consoles, with the amazing benefit that with a program like Vixie's rtty (or conserver) you can also capture the output of those consoles in real-time, and perhaps use that data to identify a connected device.
As a bonus, because the rackmount devices have real DE-9's on them, it means they work with any kind of cable you get (not just your standard rj45 cisco rollover like you might get with a Cyclades thing -- and you don't have to come up with the weird-ass mappings for rj45-serial like you might need like our ME4012 NAS (the serial cable is a stereo plug), our smart power strips (it's either a stereo plug, or an rj12), or something like an older brocade switch (it's a DE9, but it's friggin ODD, and I think it may also be the wrong gender).
It also means, since you're running a real OS, you have patches as long as the OS is supported (so you're not stuck with "gee it only speaks rsa1024"), versus some EOL appliance. But it's also 2u, and since we're recently buying a lot of Dell hardware, that's Super Overkill for a dell, so I'm evaluating maybe just going "Appliance".
If we stick with an existing unix box for this, I'd want something with proper IPMI/OOB (so Rpi is out) but maybe the dumbest, shallowest-depth atom64 supermicro you can find, in the event you need to do a reinstall or catch a hung system.
Are there things that other folks are using that are "easy" to work with that you've found to have Long firmware lives, decent warranties and low hassle? Does anything these days actually have DE9s on it?
-Dan
(You may have also seen my note earlier about the Cisco ASR920, which has RS232 pins in a USB-A header. No, not via a PL2032 chip inside the host that provides a virtual serial...direct txd/rxd/gnd/cts etc, on the USB pins. I've seen things you people wouldn't believe)
Dan (et al.) -
Hear me out. Unconventional and might raise some eyebrows, but way cheaper, modular (no more "I used to have"s, "can't find them anymore"s, etc.), and if it works for you it works.
1. Serial "concentrator"/"multiplexer": miniPC, something like https://www.amazon.com/dp/B0DGGFR68Y
   Chuck Linux/BSD on it, add something like one (or more) of the following:
   https://www.conserver.com/
   https://github.com/xcat2/goconserver
   https://github.com/wd5gnr/SerialMux
   https://eluaproject.net/doc/master/en_sermux.html
   https://github.com/danielinux/ttybus
   Some (esp. the N95 chip ones, but the N100s tend to be a bit more power efficient) can run fine with completely passive cooling.
2. Add in a *dedicated power* (no power-from-host-device) large-number-of-ports USB hub. Something like: https://www.amazon.com/dp/B07JM9ZFFV plus whatever connector adapters you need.
3. For OOB mgmt on the miniPC, IP-KVM. These two are the current hotness and are dirt cheap. https://blog.hardill.me.uk/2025/03/30/nanokvm-and-jetkvm-ip-kvms/
   No power control like you would with a BMC or DRAC, but you can just bounce from the PDU or whatever if it gets that drastic.
YMMV and it's not for everyone, but again - if it works for you, it works.
Couldn't you install Linux on the Cisco 2500s? I'm pretty sure at some time I got that to work so I could get SSH on them. We don't really use serial for access any longer; just about everything has an out-of-band Ethernet and we use that.
On 12/18/2025 3:32 PM, Mike Simpson via NANOG wrote:
Largest vendor kit that only went EOL 2 years ago needs special config to allow DH algorithm that has been deprecated on the version of OpenSSH in a macOS that is older++ than the OS image on the kit.
What has changed in the last 20 years is cryptanalysis leading to feasible attacks in minutes with a decent GPU - oh, and the whole post-quantum encryption stuff and tonnes of cryptography hotness running through CFRG.
Wouldn't be a problem if security added shareholder value, but stuff like Fortinet/Barracuda/Salt Typhoon has ably demonstrated that the market careth not, so why should the vendors?
/rant
On 18 Dec 2025, at 21:05, Michael Thomas via NANOG <nanog@lists.nanog.org> wrote:
On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote:
Matt
Some open software would really keep a lot of this stuff out of the trash. I have Cyclades and Lantronix stuff on a shelf that works. I got tired of maintaining a box-in-the-middle to deal with ssh ciphers.
Have cipher suites really changed that much in the last 20 years or so? After the sha1 kerfuffle and needing to up RSA key sizes, has there been much change?
Or are you talking about some seriously old kit that predates that?
Mike, out of the loop
On Thu, Dec 18, 2025 at 7:43 AM Matt Brennan <brennanma@gmail.com> wrote:
Up until recently I was using the Raritan Dominion SX II models. Dual PSU, dual NIC, and configurations ranging from 4 to 48 ports. However, Raritan has just discontinued that as of June. It is unclear how long they will continue to provide security patches.
They are recommending customers switch to the ZPE Systems Nodegrid Serial Consoles. It looks to be much the same, but I haven't had a chance to test one yet. The only difference I've noticed is the ZPE device seems to have an embedded 5G cellular module.
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/HEODRQTF...
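The messages above mention needing special client configuration, or a box-in-the-middle, to reach end-of-life console kit that only offers deprecated SSH algorithms. As an added example (not code from anyone in this thread), the check below reads an OpenSSH client config and reports legacy algorithms that are enabled for a wildcard scope instead of for one named legacy host; the host names, the sample config and the choice of which algorithms count as legacy are assumptions made here.

```python
import re

# Assumption: which algorithms count as "legacy" is this example's choice.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "hostkeyalgorithms": {"ssh-rsa", "ssh-dss"},
    "pubkeyacceptedalgorithms": {"ssh-rsa", "ssh-dss"},
    "ciphers": {"3des-cbc", "aes128-cbc", "aes256-cbc"},
    "macs": {"hmac-md5", "hmac-sha1"},
}

# Constructed sample client config; host names are hypothetical.
SAMPLE = """\
# legacy console servers
KexAlgorithms +diffie-hellman-group1-sha1
Host *
    Ciphers -3des-cbc
Host oldconsole1.mgmt.example
    HostKeyAlgorithms +ssh-rsa
    KexAlgorithms +diffie-hellman-group14-sha1
Host *.mgmt.example
    Ciphers +aes128-cbc,3des-cbc
"""

def parse_options(text):
    """Yield (host_patterns, keyword, value) for every option line."""
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(\w+)[\s=]+(.+)", line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = ["*"]  # Match criteria are not evaluated: treat as broad
        else:
            yield patterns, key, value

def audit(text):
    """Return (scope, keyword, algorithms) where legacy crypto has wildcard scope."""
    findings = []
    for patterns, key, value in parse_options(text):
        if key not in LEGACY or value.startswith("-"):  # "-list" removes, never enables
            continue
        enabled = set(value.lstrip("+^").split(",")) & LEGACY[key]
        if enabled and any(c in p for p in patterns for c in "*?"):
            findings.append((" ".join(patterns), key, sorted(enabled)))
    return findings

if __name__ == "__main__":
    for scope, key, algs in audit(SAMPLE):
        print(f"Host {scope}: {key} enables {', '.join(algs)}")
```

The entry for `oldconsole1.mgmt.example` is not reported because its exceptions apply to a single named host, which is the scoping the check is looking for.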
Once upon a time, Trey Scarborough <trey@3dsc.co> said:
Couldn't you install linux on the cisco 2500s Im pretty sure at some time I got that to work so I could get SSH on them.
Cisco 2500 series used a 68EC030, which is a dumbed-down 68030 with no MMU. The Linux m68k project always required an MMU, so it would not run on that CPU.
There was some attempt to do an MMU-less Linux kernel fork at one point, but I don't know if that included any m68k effort (or if it really went anywhere).
-- Chris Adams <cma@cmadams.net>
We're still rocking a couple of those. On an isolated management network, they just keep working.
-----Original Message-----
From: "Chris Adams via NANOG" <nanog@lists.nanog.org>
Sent: Friday, December 19, 2025 12:54pm
To: nanog@lists.nanog.org
Cc: "Chris Adams" <cma@cmadams.net>
Subject: Re: What are folks using for serial consoles these days?
Once upon a time, Trey Scarborough <trey@3dsc.co> said:
Couldn't you install linux on the cisco 2500s Im pretty sure at some time I got that to work so I could get SSH on them.
Cisco 2500 series used a 68EC030, which is a dumbed-down 68030 with no MMU. The Linux m68k project always required an MMU, so it would not run on that CPU.
There was some attempt to do an MMU-less Linux kernel fork at one point, but I don't know if that included any m68k effort (or if it really went anywhere).
-- Chris Adams <cma@cmadams.net>
A comment here: choosing hardware that is built better is getting really hard. I find myself staring at industrial systems that have wide temperature operating ranges. A brand name server may have too many moving parts and poor heat dissipation for an OOBM solution. I know that many don't have purchasing power for vendors outside corporate approved sources.
On Fri, Dec 19, 2025 at 11:02 AM Shawn L via NANOG <nanog@lists.nanog.org> wrote:
We're still rocking a couple of those. On an isolated management network, they just keep working.
-- - Andrew "lathama" Latham -
Participants (11): Andrew Latham, Brandon Martin, brent saner, Chris Adams, Dan Mahoney, Daniel Seagraves, Matt Brennan, Michael Thomas, Mike Simpson, Shawn L, Trey Scarborough