FreeBSD Remote Serial Console Access With Dell and Cisco Servers

Mon 01 May 2017 by feld

I have become allergic to Java. It seems every time I need to access a server console my system is throwing fits about Java security. I've spent hours trying to fix a Java issue which was preventing me from fixing a server I needed console access to. I will show you how to end this madness.


You should always enable the serial console on your servers. You never know when you will need it, and it is a prerequisite for this exercise. On FreeBSD you will want to do the following:



Enable ttyu0 always by changing onifconsole to on in /etc/ttys:

ttyu0   "/usr/libexec/getty 3wire"      vt100   on secure

On releases before 10.3-RELEASE you also change std.9600 to std.115200 as 3wire is not available:

ttyu0   "/usr/libexec/getty std.115200"      vt100   on secure

When complete you will need to enable it with kill -HUP 1. You can find more details on this in the FreeBSD handbook.


On Dell servers you will need to enable the serial console in the BIOS. If you have multiple serial ports the following configuration should allow both the physical and virtual serial ports to function as intended. Here is a screenshot of my BIOS settings:


You will also want to enable IPMI. This can be done in the DRAC settings on boot in the following screenshot, or you can SSH to the DRAC console and enable it there with the rest of the settings.


To finish the setup we SSH to the DRAC console and run the following commands:

# The DRAC shell is usually prefixed with something like /admin1-> but
# I will not print it here so you can easily copy/paste this
racadm config -g cfgSerial -o cfgSerialBaudRate 115200
racadm config -g cfgSerial -o cfgSerialCom2RedirEnable 1
racadm config -g cfgSerial -o cfgSerialSshEnable 1
racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1
racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate 115200
racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1

There are settings to limit DRAC network access (HTTPS, SSH, IPMI) to a specific subnet, but I strongly suggest you do not place your DRAC on the internet and protect it with a real firewall. It would be reasonable to enable this bruteforce protection if you wish to do so. The following blocks for 5 minutes after 5 failed attempts:

racadm config -g cfgRacTuning -o cfgRacTuneIpBlkEnable 1
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindow 60
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300

Now you have remote access to your server without Java. You can access it with one of the following:


$ ssh root@
/admin1-> console com2


$ ipmitool -I lanplus -U root -H sol activate

Both of these will render best if your terminal window is 80x24.

Cisco CIMC

Assuming you've already provisioned an IP address for your Cisco CIMC and it is accessible on the network you can simply ssh into the CIMC and run the following commands:

cisco-cimc# scope sol
cisco-cimc /sol # set baud-rate 115200
cisco-cimc /sol *# set enabled yes
cisco-cimc /sol *# commit
cisco-cimc /sol # show
Enabled Baud Rate(bps)  
------- --------------- 
yes     115200          
cisco-cimc# top
cisco-cimc# scope ipmi
cisco-cimc /ipmi # set enabled yes
cisco-cimc /ipmi *# commit
cisco-cimc /ipmi # show
Enabled Encryption Key                           Privilege Level Limit 
------- ---------------------------------------- --------------------- 
yes     0000000000000000000000000000000000000000 admin      
db02-ipmi /ipmi # 

Or for your copy/paste speedrun:

scope sol
set baud-rate 115200
set enabled yes
scope ipmi
set enabled yes

Now you can connect to the serial console by one of the following:


$ ssh admin@
cisco-cimc# connect host


$ ipmitool -I lanplus -U admin -H sol activate

The Cisco CIMC also allows you to mount remote media from a fileshare or HTTP/HTTPS URL which is fantastic for troubleshooting. :-)