This is a summary of the private responses to my nanog query:

>From: Sanjay Dani <sanjay@professionals.com>
>Subject: semi-relevant: router/server serial console access aggregator
>To: nanog@merit.edu
>I am looking for recommendations on a small "footprint"
>(1U) device that is directly accessible via ethernet/IP
>and dial-in. It will be hosted in a remote data center
>to access the consoles of several cisco routers and
>UNIX servers remotely.
>
>I have a feeling somebody has built a cheap and reliable
>linux/bsd/unix based device with sshd, ethernet port and
>8 or 16 serial ports.

Thanks to all of you who replied. I may not be able to reply to
you personally.

18 suggested using variations of the Cisco 2509/11/14. 1U. Can use
telnet with IP address based access lists. ssh support expected in
12.0T, out in a few weeks.
*** Watch out for the 2500's sending a break on asynch ports on
power cycle and halting Sun consoles ***

4 suggested other 1U servers without ssh such as WTI, Lantronix,
and Shiva LAN Rovers with RADIUS auth

9 suggested using 1U or terminal servers such as Livingston
Portmasters (7 out of 9). No ssh, but can use SecureID with RADIUS.

7 suggested "bulky" 2U or more bsdi/linux based PC's with cyclades
or other cards or Sun boxes with magma SBUS or Digi SCSI cards

11 are _very_ interested in better solutions.

I've attached excerpts from some of the replies I got. I decided to
not quote the name/email of the sender. Hope that is the right call
here re. respecting privacy vs. attributing credits.

PS. A local PC integrator we work with got the post forwarded by
someone else on Nanog. He came back within a few minutes with a
promise to deliver a 1U Intel/Linux box in the next three weeks,
after doing some hardware engineering. That overall seems the best
match for my own requirements.
I have no financial interest in this integrator except I may get an
evaluation piece, competitive pricing :), and the satisfaction of
promoting somebody on the "good" side (freeware, custom hardware,
reliability, functionality etc.) against the big guys (M$, Crisco
etc.). Excerpt attached at the end.

-----

I buy Livingston Portmaster 2E-30s (30 DB25 serial) for this purpose.
I've bought several used for around $1000 from Network Hardware
Resale in Santa Barbara, CA. These boxes are reliable--probably far
more so than a PC-based solution--offer good port density in a
relatively small footprint, and will run forever. There's no support
for ssh, but you can use SecureID with RADIUS if necessary.

----

Most terminal servers will do what you need, except for the SSH bit.
I have used Xyplex and Livingston terminal servers for this purpose
and 16 port Xyplex terminal servers are/were available in a 1U
height.

----

I'd be interested in the summary, but I've scoured the web for such
a device and as far as I can see, nothing will have sshd AND 16
serial ports that isn't a full fledged bsd box with cyclades cards.
We currently use livingston pm2e's with a modem in s0 and various
devices off of the other ports (they are about 3-4U though). We have
IP based filters on them and they work very well for what we need
them for...

http://www.ams.com/reseller/livingston-specials.html

----

Well, except for sshd and dialup, that's a terminal server, with
reverse telnet. That wouldn't be too hard to do, except for the 1U
requirement, with J. Random Linux box; the Boca BB1008 and 1016(?)
cards work nicely. Finding something with both 1) enough serial
ports, and 2) that small a formfactor is likely to be troublesome.

---

The 2511-RJ version with 16 RJ45 jacks fans out more easily over
several racks than the classic cisco 2511 with its 2 octopus cords.
And yet as a REAL cisco router you can also have it on someone
else's frame relay network globally as your OOB access when your own
network is trashed.

Beware the cisco pinning inherited from DEC via Emulex. Pins 3+6 are
paired in normal Cat-3/5 patch cords but that pairs xmit with
receive data for cisco. That is why their console cords MUST be FLAT
mod cordage. Cisco plan for 'rolled' wiring where pin 1 at one end
is 8 at the other. We wire our own mod to rs232 adapters backwards
to cisco's and so use straight through wiring.

If you prefer to use round 4 pair cable rather than flat, bastard
pin it straight through but DON'T make 3+6 be a pair! Just use a
pair each for 1+2, 3+4, 5+6, and 7+8. Tip color code on odd pin, and
do them in THAT sequence by normal color code starting with wh/blu
blu/wh on 1+2. That way any savvy person looking will spot that they
are NOT a normal cat-5 ethernet/t1/whatever cable.

If you need a spiffier router that even supports 100BaseT for
running VLANs on a small cisco 19xx class switch, look at the 262x
routers. The LARGE slot in there is the same as a 36xx router and
can get you 32 octopussed async ports. 3 of those 32 port modules in
a 3640 get you 96 ports with a slot left for MANY options from
2x10BaseT + 4xT1 to even a full HSSI for T3.

Although one of the ASYNC ports can be a modem in, so can the normal
AUX port. These cisco async ports are also PPP ports for those
CSU/DSUs etc that need such for SNMP remote management.

OTOH, folks retiring PM2s use them.

---

Might not be what you wanted, but check out:

http://www.eng.auburn.edu/users/doug/console.html

and more generally:

http://www.stokely.com/unix.serial.port.resources/serial.switch.html

---

Western Telematic makes a network accessible device that can be used
for console aggregation. The product is the RSM-800, which WTI
describes as a "Telnet & Dial-up Remote Port Manager."
Take a look at the following URL for more information:

<http://www.wti.com/rsm.htm>

---

Check http://www.wti.com. They have a unit like the one you're
looking for. They also make 1U power strips with a serial port for
modem, a console port for dumbterm and an ethernet port for the LAN
for in/out of band administration.

---

I'm interested in what you find out. I'm currently building a Linux
CD image to boot and run w/o hard drive or floppy on a PC device.
I've found a 2U case I could put a PC motherboard. Add things like
P/S, CDROM, CPU, RAM, NIC, then you'd have at least something that
can run fairly stable (certainly can't trash its hard drive). Mostly
I'll be using cheap boxes of the MicroATX form factor.

SSH will be a complication for a couple reasons, but I'm planning to
put together a non-encrypted connection server that uses RIPEMD-160
to get into the box from remote, but without encryption (e.g. no one
can open the door, but they can see you walk in if they are
looking).

----

We use the Lantronix LRS16 - 1U, 16 serial ports (on RJ45), and
ethernet. It's actually a full dial-in server, so you can attach a
modem to one serial port and it'll give you
dial-back/securid/whatever you require. I believe they also now do
one which doesn't have all the dial-in bits, making it a bit
cheaper. We pay UKP 1200 for them (about $1920), so they're not
cheap, but they're reliable. Doesn't do ssh, despite several
requests :(

----

Well, I've got nothing that small, but what we use is 2u in height.
They're made by a company called Server Technologies
(www.servertech.com). The box we have is the "Sentry". It's got 8
power ports which can be remotely cycled, 8 serial (up to 12 I
believe), ethernet, and 2 "inbound" serial (one for modem and one
for cisco aux port type stuff). The only bummer is the 8 serials are
6-conductor RJ11. Everything I've used before these has either been
RJ45 or DB9.
Once you get used to it tho, it's no big deal

----

Just stick an extra ethernet card in one of your existing
administrative servers (or all of them!) and create a private
RFC 1918 network. Firewall it off and attach any old terminal server
that supports reverse telnet to that admin lan. Plug a modem and a
terminal into two of its ports as well, and away you go.

There may be lots of other admin uses for that second LAN too. I run
secure NTP and DNS between my servers on it, do my backups over it,
etc.

I happened across a bunch of DECserver90TL's (little 8-port modular
terminal servers) [and a DECserver900TM 32-port, but it needs a
DEChub 900 backplane to attach to], and they work very well for this
job (except for the fact that you have to re-configure them manually
unless you have all of DEC's original PC-based config management
tools).

----

cisco's old terminal server, the 2511 works nicely. 1U, with an
octopus type assembly running out the back to a 16 port patch panel.
The only problem I've come across is that, in the event of the 2511
being power cycled, it'll send something that looks like a break out
on all the async lines. This tends to upset Suns, but there are ways
around it.

----

We use 2511s. We have somewhere between 60-100 installed without any
issues...

---

I say, Yes.. I have something like this which I can sell today..
But, I am holding on to it. My 1U will be shipping soon.. with lots
of good features (eg.. for this application we can have a pci
internal modem card for remote dialin into the system, if network
connection from outside world is not available) etc. etc. etc..
There are few product highlights.. which are being further enhanced
before we start shipping.

http://www.tesys.com/enclosures/rackmount_telepro_101.shtml

I can give 4 serial ports out of the box.. others I will have to
think of.. But, hey I have a spare PCI slots for expansion.. I may
put it to work and do something intelligent with it.

- The stuff you see on my web page, it's ready.
But, the extra pci expansion port and attachments are not ready yet.
I have stopped the shipping of this 1U product, so I can incorporate
the pci expansion card in there and make it more versatile. This PCI
expansion card will let you plug another ethernet port (for
firewalls), or ethernet pci card with multiple ethernet ports (small
router), or even a combination of ether and scsi card or a pci 8 or
16port multiport serial card as you mentioned...

Yes, I do have certain things ready.. But, I am not ready with the
expansion pci card yet. As I said above, I have designed a pci riser
card, which is bit specific to this particular enclosure, but uses
the same circuits etc.. as our 2U does. It will take another 2-3
weeks for me to get the first lot manufactured.

---