RE: terminal server recommendation
Charles,
Agreed on some of your points - The ssh issue would be the biggest problem, however we separate the term servers on a private, out-of-band network, so we haven't been particularly concerned with telnet snooping, especially considering the ssh code on Cisco still only has limited platform support. Something to bring up with our security team nonetheless. We haven't seen the amphenols dislodge, and we have hundreds of these babies, so that is weird. Maybe a lot of them are dropped downward - haven't inspected them all.
As far as configs, we can manually copy them via FTP, but as I said, we only use them for Tservers, so nothing too fancy with PPP, etc. We do use RADIUS, which hasn't been a big issue. I think the primary reason we use them is high port density and our original network engineers had extensive experience with them, so they've stuck around. How many large NSPs have whole racks of 2511s in the field (I think a lot).
The setup and recovery totally sucks. I remember the first time I reloaded one. It prompted for the boot file and I put the config filename in by mistake. Whoops, tserver is dead, have to dispatch with a wacky-pinout-having console cable and rebuild.
*sigh*
We are replacing them with 3660's, unless someone has a better recommendation (The primary reason being TACACS+ support).
chris
-----Original Message-----
From: Charles Sprickman [mailto:spork@inch.com]
Sent: Tuesday, May 01, 2001 9:28 PM
To: Martin, Christian
Cc: 'Charles Smith'; nanog@merit.edu
Subject: RE: terminal server recommendation
On Tue, 1 May 2001, Martin, Christian wrote:
The Xylogics/Bay/Nortel Remote Annex 4000 can support up to 72 console ports, and has a great menu interface with great EIA-232 functionality.
Eh? Unless they've added command completion and history, I have to disagree there... Add to that that they don't self-boot and that you can't save your config off the box. And you will *not* just set the thing up in a half hour.
Ports don't hang, they reset on time, etc. They use amphenol connectors across 25 pair which makes for easy punchdowns and cross-connects.
The amphenols have a nasty habit of not seating properly, especially when the box is in a cabinet and some cables have to go upwards rather than down... And when they're half-in, or not perfectly level you one day find you can reach four of your six devices...
And there's no ssh.
One caveat - they are EOL....
Thank God :)
But the code seems to have lived on for a while in the Bay 5300 access servers. I think only Concentric bought into that sham though. Some evil things just cannot be killed by normal means. Although a good "ping -s 1500" directed at an attached PPP user will render it useless until you stop.
Perhaps it's because I'm still forced to use them since we have them left over from when they were dialup PPP servers or something, but I like them less than stinky cheese. I do get a bit nostalgic because it was the first thing I ever "su'd" on, and it does have a BSD code base. But I certainly would recommend anything else over an Annex.
BTW, wanna buy one? I've got a spare 4000 and two Annex 3's, and a box full of octopus cable...
MHO,
Charles
chris
I would like to deploy a terminal server in several of my POPs, however cost is a slight issue. Can anyone on the list recommend a fairly inexpensive terminal server (besides Cisco)? Obviously the terminal server should be reliable and work - it is the little things that count.
chas
I'm just curious. I've seen several posts over the past few months regarding TACACS and RADIUS being used for authentication for term servers that are used for OOB access to devices. Something just isn't making sense here. If you need to use the device to access something OOB, has it perhaps come to your attention that it is quite possible that YOUR IPV4 NETWORK CONNECTION TO YOUR TSERVER IS MOST LIKELY DOWN AS WELL and as such, IT CAN'T AUTHENTICATE YOU TO THE TACACS OR RADIUS SERVER?
Thank you for letting me get that off my chest.
I welcome enlightenment from those who see past the gotcha I've outlined above.
---
John Fraizer
EnterZone, Inc
On Tue, 1 May 2001, Martin, Christian wrote:
Charles,
Agreed on some of your points - The ssh issue would be the biggest problem, however we separate the term servers on a private, out-of-band network, so we haven't been particularly concerned with telnet snooping, especially considering the ssh code on Cisco still only has limited platform support. Something to bring up with our security team nonetheless. We haven't seen the amphenols dislodge, and we have hundreds of these babies, so that is weird. Maybe a lot of them are dropped downward - haven't inspected them all.
As far as configs, we can manually copy them via FTP, but as I said, we only use them for Tservers, so nothing too fancy with PPP, etc. We do use RADIUS, which hasn't been a big issue. I think the primary reason we use them is high port density and our original network engineers had extensive experience with them, so they've stuck around. How many large NSPs have whole racks of 2511s in the field (I think a lot).
The setup and recovery totally sucks. I remember the first time I reloaded one. It prompted for the boot file and I put the config filename in by mistake. Whoops, tserver is dead, have to dispatch with a wacky-pinout-having console cable and rebuild.
*sigh*
We are replacing them with 3660's, unless someone has a better recommendation (The primary reason being TACACS+ support).
chris
-----Original Message-----
From: Charles Sprickman [mailto:spork@inch.com]
Sent: Tuesday, May 01, 2001 9:28 PM
To: Martin, Christian
Cc: 'Charles Smith'; nanog@merit.edu
Subject: RE: terminal server recommendation
On Tue, 1 May 2001, Martin, Christian wrote:
The Xylogics/Bay/Nortel Remote Annex 4000 can support up to 72 console ports, and has a great menu interface with great EIA-232 functionality.
Eh? Unless they've added command completion and history, I have to disagree there... Add to that that they don't self-boot and that you can't save your config off the box. And you will *not* just set the thing up in a half hour.
Ports don't hang, they reset on time, etc. They use amphenol connectors across 25 pair which makes for easy punchdowns and cross-connects.
The amphenols have a nasty habit of not seating properly, especially when the box is in a cabinet and some cables have to go upwards rather than down... And when they're half-in, or not perfectly level you one day find you can reach four of your six devices...
And there's no ssh.
One caveat - they are EOL....
Thank God :)
But the code seems to have lived on for a while in the Bay 5300 access servers. I think only Concentric bought into that sham though. Some evil things just cannot be killed by normal means. Although a good "ping -s 1500" directed at an attached PPP user will render it useless until you stop.
Perhaps it's because I'm still forced to use them since we have them left over from when they were dialup PPP servers or something, but I like them less than stinky cheese. I do get a bit nostalgic because it was the first thing I ever "su'd" on, and it does have a BSD code base. But I certainly would recommend anything else over an Annex.
BTW, wanna buy one? I've got a spare 4000 and two Annex 3's, and a box full of octopus cable...
MHO,
Charles
chris
I would like to deploy a terminal server in several of my POPs, however cost is a slight issue. Can anyone on the list recommend a fairly inexpensive terminal server (besides Cisco)? Obviously the terminal server should be reliable and work - it is the little things that count.
chas
On Wed, May 02, 2001, John Fraizer wrote:
I'm just curious. I've seen several posts over the past few months regarding TACACS and RADIUS being used for authentication for term servers that are used for OOB access to devices. Something just isn't making sense here. If you need to use the device to access something OOB, has it perhaps come to your attention that it is quite possible that YOUR IPV4 NETWORK CONNECTION TO YOUR TSERVER IS MOST LIKELY DOWN AS WELL and as such, IT CAN'T AUTHENTICATE YOU TO THE TACACS OR RADIUS SERVER?
You can configure "default" passwords which are used if your authentication servers are down. .. you guys do this, right? :-)
Thank you for letting me get that off my chest.
Welcome. :)
I welcome enlightenment from those who see past the gotcha I've outlined above.
I'm sure you can find example configurations for this on Cisco's website. :-)
In any case, it is certainly plausible that you'd need OOB access to a device that you can't get IP connectivity to but you can get connectivity to the local term server. Think "crashed server". Or "broken flash". Or "Failed remote software upgrade".
Adrian
--
Adrian Chadd <adrian@creative.net.au>
"Two hundred and thirty-three thousand times the speed of light. Dear holy fucking shit."
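The fallback discussed in the reply above, as an added Cisco IOS configuration example that is not part of the thread. The server address, the account name and the bracketed secrets are placeholders, and the two commented-out lines show the settings to avoid next to the corrected one.

```cisco
! Added example, not from the thread. Address, names and secrets are placeholders.
aaa new-model
!
! Local account, consulted only when no TACACS+ server answers.
username oob-fallback secret <LOCAL-FALLBACK-SECRET>
enable secret <ENABLE-SECRET>
!
tacacs-server host 192.0.2.10
tacacs-server key <TACACS-SHARED-KEY>
!
! Weak: "none" admits anyone without a password while the server is unreachable.
! aaa authentication login default group tacacs+ none
!
! Brittle: no fallback, so an unreachable server means nobody can log in,
! which is the OOB lockout raised earlier in the thread.
! aaa authentication login default group tacacs+
!
! Corrected: try TACACS+ first, fall back to the local user database.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
```

IOS moves to the next method in the list only when the TACACS+ server does not respond; a rejection from a reachable server ends the login attempt, so the local account cannot be used to get around it.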