Using a Cisco 2600 Series Router as a Serial Console Server
Serial consoles sound like an obsolete technology at first blush — after all, when was the last time you saw an RS-232 port on a computer, much less anyone actually using it for something? However, serial consoles remain the gold standard for out-of-band management of many enterprise-grade network devices. The format has changed a little, with many devices using RJ-45 ports to increase density vs. the wider legacy RS-232 standard, but the pinouts and underlying functionality remain the same — almost inevitably, an engineer has to dig up an adapter to convert USB to RS-232, and another adapter to convert RS-232 to RJ-45 just to be able to manage these devices. Equipment manufacturers are slowly transitioning to include mini-USB as an optional alternative, but the serial console persists.
Why not SSH?
In mission-critical networks, a console server providing OOB management is desirable because it allows a network operator to directly manage a network device as though they were physically sitting in front of it with a keyboard and monitor. Unlike SSH or Telnet, serial OOB management allows a network operator to interact with a device from the time it is powered on to the time it is powered off — without relying on a working operating system or properly configured SSH/Telnet server software — making it ideal for troubleshooting scenarios.
Purchasing Options
Even today, a purpose-built 32-port serial console server costs $2,000-$3,000 (or more). By comparison, a robust 32-port console server can be easily built from used parts for less than $200.
This article documents one such way of accomplishing this task. While many writeups of this exist, the purpose of this article is to specifically document the configuration necessary for a Cisco 2651XM router with Cisco’s NM-32A Async Network Module. Cisco has a great guide based on their 2500-Series router platform, and many writeups exist for modified versions of this with various router platforms and network modules. However, this writeup specifically documents this particular config and hardware in the hope it will save time for others. These instructions should work for any 2600-Series router with little/no modification, but they are specifically written for a 2651XM running IOS version c2600-advipservicesk9-mz.124–19 with an NM-32a network module.
Below is the average price from recent Buy-It-Now eBay listings of the parts required:
- Cisco 2651XM: $30-$60
- Cisco NM-32a: $40-$50
- Cisco CAB-OCTAL-ASYNC: $20-$30
The number of CAB-OCTAL-ASYNC cables needed depends on the number of serial connections you need. Each cable has 8 connections, so for a full 32-port console server you’ll need 4 CAB-OCTAL-ASYNC cables. If you need 16 connections or fewer, the NM-16a is an acceptable alternative to the NM-32a, but due to the popularity of the NM-32a it may be less expensive to get the card with more ports.
Assumptions
This writeup makes the following assumptions:
- You have the router, network module, and cables
- The network module is installed in the router
- The router is powered-on and booted up into IOS
- Any pre-existing configuration has already been erased
Line Numbers
In this configuration, we have a couple of specific values that correspond to the physical lines coming out of the console server (attached to console ports on other devices).
- The physical lines are numbered 1–32.
- The virtual line numbers may differ depending on internal inventory techniques; use the show line command to review the range that is correct for your device; on my equipment, this range is 33–64 (see the example output at the bottom of this document)
- The telnet port numbers exposed for remote management are 2000 + virtual line number. In my case, this means 2033–2064
Configuration
Below is the complete set of configuration steps (commands) to be issued on the router’s console to complete the setup:
enable
configure terminal
hostname SERVER-NAME
enable secret 0 PASSWORD
username admin password PASSWORDint f0/0
ip address dhcp
no shut
exitline 33 64
transport input telnet
no exec
exec-timeout 0 0line vty 0 4
password PASSWORD
loginno ip http server
ip classless
ip subnet-zero
ip host LINE1 2033 127.0.0.1
ip host LINE2 2034 127.0.0.1
ip host LINE3 2035 127.0.0.1
ip host LINE4 2036 127.0.0.1
ip host LINE5 2037 127.0.0.1
ip host LINE6 2038 127.0.0.1
ip host LINE7 2039 127.0.0.1
ip host LINE8 2040 127.0.0.1
ip host LINE9 2041 127.0.0.1
ip host LINE10 2042 127.0.0.1
ip host LINE11 2043 127.0.0.1
ip host LINE12 2044 127.0.0.1
ip host LINE13 2045 127.0.0.1
ip host LINE14 2046 127.0.0.1
ip host LINE15 2047 127.0.0.1
ip host LINE16 2048 127.0.0.1
ip host LINE17 2049 127.0.0.1
ip host LINE18 2050 127.0.0.1
ip host LINE19 2051 127.0.0.1
ip host LINE20 2052 127.0.0.1
ip host LINE21 2053 127.0.0.1
ip host LINE22 2054 127.0.0.1
ip host LINE23 2055 127.0.0.1
ip host LINE24 2056 127.0.0.1
ip host LINE25 2057 127.0.0.1
ip host LINE26 2058 127.0.0.1
ip host LINE27 2059 127.0.0.1
ip host LINE28 2060 127.0.0.1
ip host LINE29 2061 127.0.0.1
ip host LINE30 2062 127.0.0.1
ip host LINE31 2063 127.0.0.1
ip host LINE32 2064 127.0.0.1end
wr mem
Note that the loopback interface (lo0) is configured with the IP address 172.32.255.254 and subnet mask 255.255.255.255. This can be any address and subnet, but it is specific to the loopback interface (cannot overlap with the rest of your network).
Also note that the FastEthernet 0/0 interface (f0/0) is configured to receive an IP address from a local DHCP server when connected to your network. If you’d like to set a specific/static address, use the following commands (example given is a device IP of 192.168.10.100 and subnet mask of 255.255.255.0):
enable
configure terminal
f0/0
ip address 192.168.10.100 255.255.255.0
endwr mem
Console Port Speeds
The default configuration assumes that all of the equipment you want to connect to from the console server uses the Cisco-default serial connection speed of 9600bps (9600 baud) — other common speeds include 38400 and 115200. If you need to change this for all ports, you can do so by executing the following command (assumes we are changing the rate to 38400 for all ports):
enable
configure terminal
line 33 65
rxspeed 38400
txspeed 38400
endwr mem
You can also make changes to specific lines by changing the line range (instead of “33 65” specify the lines you want to change).
Virtual Line Numbers
Below is the output of a show line command demonstrating lines 33–64. Note that the lines on this console server are configured for 38400 baud instead of the normal 9600 baud rate.
Remote Access
Once you’re done configuring the console server, connect the physical octal cable lines to the appropriate console ports on your other devices (or use a patch panel to create longer extensions with straight-through Cat5e/6/6a Ethernet cables). Then connect the console server to a network/Internet connection using the FastEthernet 0/0 port. Once you confirm the IP address on f0/0 (use show ip int br on the command line if needed), head over to your remote access client. For the purposes of this overview, we’re assuming that f0/0 on the console server has IP address 192.168.10.100.
From the remote access client, you can directly access any device physically connected to the console server using telnet. Remember from above that the telnet port number follows the format: 2000 + virtual line number. If you are trying to access the device connected to line 1 on the console server (with physical line 1 identified as virtual line 33), using a Windows command line client, could do so by issuing the following command:
telnet 192.168.10.100 2033
You will be prompted to enter the username and password you specified earlier in the configuration process. After entering this information, you will have direct access to the connected device through the console server.
