Managing lots of Cisco consoles from one location

So I know this is MSDN and this post is not so MSDN-like, but we can only have one blog. I had to pick between MSDN or TechNet. Because I am in DevDiv I picked MSDN.

Anywho. The issue: Let's say you have 16 or so Cisco devices (Extreme works also) that connect to various parts of your network. Now you want to be able to manage these devices remotely, but without making a huge security hole by using VLANs and attempting to keep it all secure with ACLs.

So the easy way is to do all the management via the console port. No ACLs to worry about and easier to secure. 

So I have 16+ Cisco devices, from routers to switches (2950s, 3550s, 2621s, 2651s, 3750s, 4912s and even an AS5300), all in my lab. So with all those in my lab I got myself a Digi PortServer TS 16 rack-mount device (we use them for kernel debugging also). With a special Digi-to-Cisco cable (yes, I will give you the pin-outs if you want them) I connect each Cisco's console port to the Digi and then the Digi's Ethernet port to my "management network". The management network is where my management workstation lives.

The Digi device will let you telnet or ssh (SSH is better) into it. Then from there you connect to each of its ports (using the connect command). Now where the fun comes in is how to set up the Digi to talk to the Cisco, then create a menu so you don't always have to know the port number each device is connected to.

So below are the steps to allow you to connect the Digi to the Cisco (once you have the cable).

  1. Make sure your device is up to date. I am using 82000685_E.bin and 82000684_L.bin
  2. Know your port numbers (we are going to use ports 1-16)
  3. Set the port type to printer (set ports range=1-16 dev=prn)
  4. Set the IP on your Digi (set config dhcp=off ip=<your IP> submask=<mask>)

At this point you should be able to use "connect 1" and connect to port 1. A few hits of the enter key and it should show you the Cisco console.

Now we need to secure the device a little more by turning off things that are not needed. This will leave only telnet and ssh on (I would turn off telnet also, but if you don't have an ssh client then it is kinda hard to use).

  1. set secureaccess http=off snmp=off rlogin=off rsh=off https=off realport=off securerealport=off
  2. set secureaccess reversessh=off securesockets=off reversetcp=off reversetelnet=off

We need to make our menu before we assign a user to use it. This will be an example of ports 1-3 with a title bar:

  1. set menu range=1 t1="Cisco management" t2="Make sure you save!" name=menu1
  2. set menu range=1 m1="cisco 1" c1="connect 1"
  3. set menu range=1 m2="cisco 2" c2="connect 2"
  4. set menu range=1 m3="cisco 3" c3="connect 3"

Now let's make a user that we will connect with to see our menu:

  1. set user name=<username> defaultaccess=menu menu=1

Set the password for our new Digi user:

  1. newpass name=<username>

Now a little-known tip. When you use the default escape char with the Digi, it will leave the port open and not let you reconnect until you do a kill tty=<tty number> (you can see the ttys by running the 'who' command). But if you use the escapekill command (default is a period), it will close the tty when you escape. The default escape command is "<ctrl>+]" (without quotes). Add a period after that and hit enter, so "<ctrl>+].<enter>", and you will kill the connection, not just disconnect. You press the control and ] keys in one keystroke, then the period in another.

Now you should be able to telnet or ssh into your IP and get a menu. Press 1 to connect to cisco 1, 2 to connect to cisco 2, and 3 to connect to cisco 3.

How great!
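
The steps above, scaled from three ports to a whole inventory, as an added example that is not part of the original post: it emits the post's own command lines from a port-to-name map and checks that every service the post disables is actually set to off. The function names, the `labadmin` user, the allowed label and user-name characters, and the idea that the menu takes one entry per inventory item are assumptions.

```python
import re

# Services the post switches off with "set secureaccess"; telnet and ssh stay on.
HARDENED_OFF = ("http", "snmp", "rlogin", "rsh", "https", "realport",
                "securerealport", "reversessh", "securesockets",
                "reversetcp", "reversetelnet")
# Assumption: a conservative label charset so a name cannot break the quoting.
LABEL = re.compile(r"[A-Za-z0-9 ._-]{1,24}")


def build_script(inventory, user, ports=(1, 16), menu=1):
    """Return the Digi CLI lines from the post for a {port: label} inventory."""
    lo, hi = ports
    if not re.fullmatch(r"[A-Za-z0-9_-]+", user):  # assumed safe user charset
        raise ValueError(f"unsafe user name: {user!r}")
    for port, label in inventory.items():
        if not lo <= port <= hi:
            raise ValueError(f"port {port} outside {lo}-{hi}")
        if not LABEL.fullmatch(label):
            raise ValueError(f"unsafe menu label: {label!r}")
    lines = [f"set ports range={lo}-{hi} dev=prn",
             "set secureaccess " + " ".join(f"{s}=off" for s in HARDENED_OFF[:7]),
             "set secureaccess " + " ".join(f"{s}=off" for s in HARDENED_OFF[7:]),
             f'set menu range={menu} t1="Cisco management" '
             f't2="Make sure you save!" name=menu{menu}']
    # Menu entries are numbered 1..n in port order; each runs "connect <port>".
    for n, (port, label) in enumerate(sorted(inventory.items()), start=1):
        lines.append(f'set menu range={menu} m{n}="{label}" c{n}="connect {port}"')
    # "newpass name=<user>" prompts interactively, so it is left to the operator.
    lines.append(f"set user name={user} defaultaccess=menu menu={menu}")
    return lines


def services_left_on(lines):
    """Audit a command list: which of the post's services are not set to off."""
    state = {}
    for line in lines:
        if line.startswith("set secureaccess "):
            for key, value in re.findall(r"(\w+)=(\w+)", line):
                state[key] = value.lower()
    return [s for s in HARDENED_OFF if state.get(s) != "off"]


if __name__ == "__main__":
    # Constructed inventory; the device names are placeholders.
    demo = {1: "cisco 1", 2: "cisco 2", 3: "cisco 3"}
    script = build_script(demo, user="labadmin")
    print("\n".join(script))
    print("left on:", services_left_on(script))
```

The IP step (set config) is left out because its values are site-specific; run it and newpass by hand.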

Comments

  • Anonymous
    March 21, 2012
    Hello, I understand it's now about 7 years later but what are the pin-outs? I see on Digi's website they have a crossover cable listed. However from their diagram it doesn't seem to be a simple RJ-45 crossover cable. Thank you, Zahid

  • Anonymous
    March 21, 2012
    ftp1.digi.com/.../rj45_8pin_altpin_cisco_rj45_8pin.pdf

  • Anonymous
    August 19, 2013
    It's even longer now since the original post... Mike, hope you see this? I got one of these on e-bay hoping to use it with a CCIE home lab. Spent all day off/on testing but still no joy. Arrived with no docs but I have factory reset. Connected via discovery tool to set up IP address. Configured via web browser 'All Printer' ports or 'All Console Management' ports. No joy either using the 'Connect 1' or Telnet 192.168.1.100 2001 with Printer or Console Management setups. I had my favourite cabling company make me 1 of the Digi - Cisco Console Adapter, Altpin RJ-45 to RJ-45 specs, which looks ok but cannot be sure I guess? In desperation I upgraded the POST and the Firmware to 82000685_G and 82000684_V2 (dated 2013) respectively. Still no joy connecting to working Cisco Console Sessions. I just connect with flashing cursor in Putty or Windows Telnet Terminal Sessions. I can Telnet to the TS16 and logon as root with no issues. I have set the Altpin DCD setting on the Advanced Setup. Pulling what's left of my hair out now? Any suggestions please?

  • Anonymous
    August 19, 2013
    Andy: My guess is the cable is not correct or the devices you're connecting to are at different speed settings than the Digi is set to. You can shoot me mail directly and I can try to help debug more: mpoulson at Microsoft.com.

  • Anonymous
    August 19, 2013
    Thanks Mike. I have progressed a bit as Digi support forum suggested a loopback test. I made one as the TS 16 came with nothing. The loopback RJ-45 worked and I could see text echoed either in a port set up as Printer or a port set up as Console Management. So this points towards the cable I hope. I found one of the new official Digi Cisco/Sun cables on Amazon so have ordered just one as a test. All this just to manage my Cisco Home Lab :) Will see if that works. Thanks for your original post as that helped a lot!

  • Anonymous
    August 22, 2013
    Hoorah. I purchased a cheap cable tester and RJ-45 crimp kit on e-bay. There was a short on the cable my guy had made up. He did do it in a hurry as a favour so not to blame. I re-terminated that end with same colours written down and success! All working. Thanks for your blog which helped loads!