'Damn you guys!' or 'I got a Console Server'

ZeroHunter

I built my Lab Rack, with a DB-9 serial port interface board, and I was very proud of the outcome, but I knew nothing of the Console Server, but somebody had to tell me about it, I don't want to name any names, (coughing under breath, Darthn3ss).

So I started to do a little research about the Console Server(s), (side note, MAN, those things can be expensive!) I found that the Lightwave Communications by Lantronixs units are kinda nice. There are a couple used/none working units on eBay pretty cheap. I decided to take my chances and buy one, the worst that would happen is that I would not be able to get it to work and be out ~50.oo$, but would gain some more repair/void warranty training.

I got a SCS1620, cheap the seller said that it, lighted up but did nothing else, I figured it was a power supply problem, so I bought it, and upon receiving it, tearing it open & probing with a multimeter etc etc, sure enough it was bad power supplies [yes it had two]. I rigged up a old PC/ATX power supply to test, and sure enough the thing sprang to life!

So I took the two factory power supply out, and threw them in the trash where they belonged, for something so expensive they used cheap a$$ power supplies!

Hack, Slash, Glue, Paste, Soldier, Swear, Swear a little more, Read, Read, & Re-Read, Flash, Setup, Setup Again. . . . . I now have a working 16 port, web accessible Console Server for a total of about ~50.oo and 2.5 days work(off & on).

I installed a real 1U PC power supply that has a fan, unlike the factory POS's Power Supplies that was used at the factory. Still to do is some more setup, and final cabling to complete its installation in the rack, but I am very happy with the outcome.

As an end note if anyone is looking for a console server, and has some basic repair skills you can get and repair one of these pretty cheap.

Here some photos, for the more visual of us:





But really in closing, I would like to thank everyone, I have learned so much already, and I am only beginning and look to learning so much more for being part of this group!

earweed

Sweet deal. I'm glad to hear you got that and that You were able to get it to work.

chmorin

Quite the story, very handy of you to get it all working. well done.

Now if you can paint it black...

ZeroHunter

chmorin wrote: »

Quite the story, very handy of you to get it all working. well done.

Thanks, I hope it helps others

chmorin wrote: »

Now if you can paint it black...

I could easily do the prep and paint work, I did it to all my Linksys older stuff{the older blue faced w/ black bodies, I Blacked out the Blue part that always seems to fade at varying speeds}, the only problem would be that I would loose the Brand & Model number information, and it would get a very basic look. Not sure if I want that.

They are not stickers, that I could remove it looks like a silk-screened process, unlike the older Linksys stuff that was all stickers.

alan2308

That is awesome!

There's a stack of them on eBay right now for $25 in untested condition. I'm real tempted.

ZeroHunter

alan2308 wrote: »

That is awesome!

There's a stack of them on eBay right now for $25 in untested condition. I'm real tempted.

If you can turn a screw-driver, read a multi-meter and soldier, you can most likely repair the unit, then you will most likely have to flash the CF memory card that is inside it(you will need Linux for this function), to the newer version and to wipe out the settings/passwords from its previous life.

You are also almost guaranteed to need a 1U power supply, but find a nice small one that has a 20 ATX output, don't worry about the floppy/hard drive connectors.

alan2308

Yes, my background is actually in electronic repair before I started down the networking route. And I use Linux exclusively at home. So I should be good.

Forsaken_GA

i'm very impressed with the engraved console panel as well

ZeroHunter

alan2308 wrote: »

Yes, my background is actually in electronic repair before I started down the networking route. And I use Linux exclusively at home. So I should be good.

Just a note, I took a look at some of those SCS1620's listed on eBay, I notice that a lot of them do not include the Rack-Mount brackets. I would try to make sure that the one you get has them, as they seem to be made for the unit exclusively, and are of good quality.

Zartanasaurus

Very sexy setup there.

bcall64

I have a question about this device. It looks pretty awesome. It looks like it has a web management interface. Can you explain to me how that works and what ports it uses? I'm trying to find the info online but struggling to find the specific information I need.

ZeroHunter

bcall64 wrote: »

I have a question about this device. It looks pretty awesome. It looks like it has a web management interface. Can you explain to me how that works and what ports it uses? I'm trying to find the info online but struggling to find the specific information I need.

Ok let me do my best here; I am no expert by any means and I am still learning about the unit, but I have got it setup enough that I should be able to answer this question.

Yes the unit has a web based setup interface (as well as Console, SSH, Telnet & direct input from front panel), the web based interface requires that you provide some basic setup info (IP address, sub net, etc etc) via either console or front panel before you can access it, but that is somewhat understandable. Once that is done you can do everything else from the browser.

I set mine up as 192.168.1.155 see screen shot:



You can even set it up so that you can access it from outside your network, I personally have not done this, as I do not know enough about security to punch holes in my network.

One of the neat things is that once setup and configured, you can assign each device that is connect (example: my Cisco2611XM_1) a device name and individual IP address that you can access directly via Telnet or SSH.

So my Cisco 2611XM_1 is 192.168.1.160 and my Cisco 2611XM_2 is 192.168.1.161 and so on.

I am having a problem get the devices setup on the console server, but I am pretty sure its something stupid that I am doing, either I have the cable wrong, or I have some setting for how the SCS1620 talks to the Cisco devices(ShoDown is currently trying to help me with that) and of course if anyone else wants to help I would appreciate it, but don't let my set back hold you from the purchase as I am sure that I will get it figured out and by the time you get one and get to that point I would be able to help you.

These Console Servers are very affordable on eBay (est less then 50$ shipped in most cases) and easy to repair[see previous post], and if we can get a few guys that get them I am sure that we can figure out all the tricks and setup ins & outs.

If you have more question please ask.

Link to owners manual: http://www.lantronix.com/pdf/SCSxx05-xx20_UG.pdf
Link to newest Bios/OS: Latest firmware for the SCS820/SCS1620 and SCS3205/SCS4805

bcall64

ZeroHunter wrote: »

Ok let me do my best here; I am no expert by any means and I am still learning about the unit, but I have got it setup enough that I should be able to answer this question.

Yes the unit has a web based setup interface (as well as Console, SSH, Telnet & direct input from front panel), the web based interface requires that you provide some basic setup info (IP address, sub net, etc etc) via either console or front panel before you can access it, but that is somewhat understandable. Once that is done you can do everything else from the browser.

I set mine up as 192.168.1.155 see screen shot:



You can even set it up so that you can access it from outside your network, I personally have not done this, as I do not know enough about security to punch holes in my network.

One of the neat things is that once setup and configured, you can assign each device that is connect (example: my Cisco2611XM_1) a device name and individual IP address that you can access directly via Telnet or SSH.

So my Cisco 2611XM_1 is 192.168.1.160 and my Cisco 2611XM_2 is 192.168.1.161 and so on.

I am having a problem get the devices setup on the console server, but I am pretty sure its something stupid that I am doing, either I have the cable wrong, or I have some setting for how the SCS1620 talks to the Cisco devices(ShoDown is currently trying to help me with that) and of course if anyone else wants to help I would appreciate it, but don't let my set back hold you from the purchase as I am sure that I will get it figured out and by the time you get one and get to that point I would be able to help you.

These Console Servers are very affordable on eBay (est less then 50$ shipped in most cases) and easy to repair[see previous post], and if we can get a few guys that get them I am sure that we can figure out all the tricks and setup ins & outs.

If you have more question please ask.

Link to owners manual: Latest firmware for the SCS820/SCS1620 and SCS3205/SCS4805
Link to newest Bios/OS: Latest firmware for the SCS820/SCS1620 and SCS3205/SCS4805

That looks pretty sweet. I was going to setup an access server eventually but those are far more expensive. If you do get the console server setup let me know. Is there a CLi within the Web Interface? I want to be able to get into the web interface via port 80 and then use the console server to get into the devices. The reason is port restriction where I would be logging in from.

BTW to open it up to the web you just need to forward the correct port to the console server itself.

ZeroHunter

bcall64 wrote: »

That looks pretty sweet. I was going to setup an access server eventually but those are far more expensive. If you do get the console server setup let me know. Is there a CLi within the Web Interface? I want to be able to get into the web interface via port 80 and then use the console server to get into the devices. The reason is port restriction where I would be logging in from.

BTW to open it up to the web you just need to forward the correct port to the console server itself.

No I don't think there is a CLi from within the Web Interface, but because you can assign each device an IP address you could easily forward ports from outside telnet connection to that address.

Now there might be some sort of plug-in for Firefox that would let you Telnet from within the browser, but I have not looked for one, nor do I have interest at the moment. It (the Lantronix 1620)also has built in DNS and firewall settings, if you choose to use them



Thanx for the note on putting the unit on the web, but again at the moment I see no reason to do this, and if I would like to access it from the outside at the moment, I would just do so through my Windows Home Server, which should at a little bit of security.

bcall64

ZeroHunter wrote: »

No I don't think there is a CLi from within the Web Interface, but because you can assign each device an IP address you could easily forward ports from outside telnet connection to that address.

Now there might be some sort of plug-in for Firefox that would let you Telnet from within the browser, but I have not looked for one, nor do I have interest at the moment. It (the Lantronix 1620)also has built in DNS and firewall settings, if you choose to use them



Thanx for the note on putting the unit on the web, but again at the moment I see no reason to do this, and if I would like to access it from the outside at the moment, I would just do so through my Windows Home Server, which should at a little bit of security.

My issue with that resolution is I pretty much am limited to 443 and 80 at work. I currently use serfish to get into my lab during downtime but it's kind of slow. At home I prefer to use teraterm.

The console server basically just runs linux correct? Maybe there is some sort of app that would allow such a thing.

ZeroHunter

bcall64 wrote: »

My issue with that resolution is I pretty much am limited to 443 and 80 at work. I currently use serfish to get into my lab during downtime but it's kind of slow. At home I prefer to use teraterm.

The console server basically just runs linux correct? Maybe there is some sort of app that would allow such a thing.

Ok I got you, now I understand.

Well look and see if there is a Plug-in or app for Fire-fox that would let you do the telnet the way you want, would be my first suggestion. I will have to look at the setting, but I am pretty sure that I can tell it what port to use for each device, so it might be able to be set to port 80.

And yes, it is just running Linux from a Flash Drive.

bcall64

ZeroHunter wrote: »

Ok I got you, now I understand.

Well look and see if there is a Plug-in or app for Fire-fox that would let you do the telnet the way you want, would be my first suggestion. I will have to look at the setting, but I am pretty sure that I can tell it what port to use for each device, so it might be able to be set to port 80.

And yes, it is just running Linux from a Flash Drive.

That would be neat if the listening port could be changed. That would solve my problem. Let me know if you are able to change it and I just might get one. Thanks!

Mierdin

My solution in this scenario is usually to use SSH/puTTY to tunnel from some internet location to a server at my house, then administer my equipment from there - that way I only have to have port 22 open. Anything that can use a proxy (Any web browser, and puTTY as well) can use this.

I'd see if you can run SSH from your current location over port 22. If not, you can change the port of SSH to something allowed like 80 or 443, then you're home free.

bcall64

Mierdin wrote: »

My solution in this scenario is usually to use SSH/puTTY to tunnel from some internet location to a server at my house, then administer my equipment from there - that way I only have to have port 22 open. Anything that can use a proxy (Any web browser, and puTTY as well) can use this.

I'd see if you can run SSH from your current location over port 22. If not, you can change the port of SSH to something allowed like 80 or 443, then you're home free.

Yeah 22 is disabled but if I can change the port on my routers to listen on 80 or 443 that would be ideal. I'm not sure how to configure that? Is that supported by the IOS? If not is it supported by the console server?

When you say tunnel from some internet location, you mean just use a proxy in your web browser? I'm restricted there as well. This place is locked down.

bcall64

I just answered my own question. Good ol' google.

ip ssh port <port number> rotary <0-99>

Mierdin

You've got the right idea.

Essentially this allows you to have only one point of ingress to your home network on a port that most organizations allow outbound (80). You could route connections through that server if you wanted now using puTTY tunnelling, but that's up to you.

bcall64

At this point it's no different than going out to the web and therefore doesn't increase any sort of security risk does it? I'm curious to see if because the packet may be a little different than your standard http packet if it poses a threat.

Would a firewall be able to pick that up and block it?

Mierdin

I'm no security guru (yet) but in my experience, most security devices will certainly be able to detect that it is not HTTP traffic.

There's no security risk to you, since its just like opening an SSH session to your home from anywhere else on the internet, it just depends on how **** your local security people are.

bcall64

Without saying too much our IT risk policy is stricter than anything I've ever seen.

ZeroHunter

Mierdin wrote: »

I'm no security guru (yet) but in my experience, most security devices will certainly be able to detect that it is not HTTP traffic.

There's no security risk to you, since its just like opening an SSH session to your home from anywhere else on the internet, it just depends on how **** your local security people are.

Its a bit of a 'Kludge' but as I mentioned before, I use Windows Home Server, it lets you access your home computers via Internet Explorer using the browser (port 80). Once inside that I can control any machine on my network as if I am there.

At school we have a pretty restricted firewall / packet filter also and this goes right through it with no problems, as a matter of fact they are sometimes shocked when they see it.

ZeroHunter

Here is a shot of some serious 'Mickey Mouse' type stuff:

This is my workstation accessing the Home Server via the web interface, to access the Win XP Pro box in the rack, to access the Lantronix SCS1620 via PuTTY, to access the Cisco 2611XM. Wow, I kinda wanted to see if I could do this. Note this is NOT very GREEN way to access your Cisco equipment!

bcall64

Looks like it's time to check out Windows Home server. I see your point about it not being very green though. It's worth checking out. Thanks for all the help.

Forsaken_GA

bcall64 wrote: »

That would be neat if the listening port could be changed. That would solve my problem. Let me know if you are able to change it and I just might get one. Thanks!

Depending on what you're using for a border router, you may be able to just redirect the port you're calling on after the NAT (assuming NAT is in use)

For example, when I ssh into my home servers, I ssh to a high number port (ex, 44321), but I have the border router redirect all calls to port 44321 from the outside to port 22 of a given IP on the inside.

Edit: If you're using IOS, this is simple to do -

ip nat inside source static tcp 192.168.92.3 22 interface FastEthernet0/1 44321

So in this case, any incoming connections on port 44321 on the Fa0/1 interface will be redirected to port 22 on 192.168.92.3

ZeroHunter

bcall64 wrote: »

Looks like it's time to check out Windows Home server. I see your point about it not being very green though. It's worth checking out. Thanks for all the help.

I think you can DownLoad Windows Home Server from Microsofts site for free 30 day trial if I remember correctly, and being that you want to run it to access other machines on your network you could run a virtual machine, or some older hardware that you have around.

As to its green'ness it can be done much more 'green' but just for proof of concept, I was sitting in the same room as the Cisco equipment at my workstation and had 5 machines powered up to connect to one that was 12 feet away.

Workstation to Internet
Internet to WHS
WHS to XP Pro Box
XP Pro Box to SCS1620
SCS1620 to Cisco 2611XM Router

Now if I was really doing it from outside I would not need the XP Pro Box, as I needed something to come back into the network to from the outside(for the Proof of Concept). And of course, once I am at home I only need Workstation to SCS1620 via Intranet, and from that I can access the whole Cisco Lab Rack.

Mierdin

Gah, Windoze!

Just SSH to the SCS1620. You shouldn't need windows for any of this - I have a small Wyse Thin Client I use as a linux SSH server and I use that to get to EVERYTHING.

ZeroHunter

Mierdin wrote: »

Gah, Windoze!

Just SSH to the SCS1620. You shouldn't need windows for any of this - I have a small Wyse Thin Client I use as a linux SSH server and I use that to get to EVERYTHING.

So you are SSH'ing in via your network connection and not the Console Ports? I have not done this yet, do you have the same control? My laptop does have Kubuntu on it in a dual boot configuration w/ win7.