09-23-2019 08:00 AM
Hi guys,
I am looking for the best solution for Out of Band management (console access) for running network devices in DCs.
We have 2 remote small datacenters equipped with various devices (Cisco Nexus, PaloAlto FWs,...).
Basically requirements are:
- this OOB will ensure connection via console cables to devices.
- OOB network has to be fully independent from inband management and production network.
- connection to OOB console access should have separate internet access (4G/LTE).
- devices for OOB equipment should be from Cisco.
- if possible, 2-FA should be used/integrated.
Do you have any idea what boxes (Cisco console routers, firewalls, VPN access, 4G/LTE module) to use?
Many thanks for your inputs and ideas!
Hejbi
09-23-2019 08:24 AM
Depends on the number of devices. I used old 25XX in a DC environment, with an ASA FW for VPN to come in OOB, to look at the console in case all the live network goes down.
High level:
PC----Internet----DSL--ASA (old 5505 - you can use new 550X-X models here)--25XX--Device consoles.
You can also set up multi-factor authentication.
09-24-2019 07:43 AM
Hi Balaji,
thanks a lot for your inputs!
We will have about 30 devices which will need console access in one DC.
I was thinking about this setup per one DC:
- 4G/LTE/DSL public Internet connection
- 1x Cisco ASA 5506-X (Base license) as VPN gateway for IPsec RA (Cisco AnyConnect)
- 1x ISR Cisco 4221 with 2x NIM-16A module
- 4x CAB-ASYNC-8 octal cable
In our production it is not acceptable to have end-of-life devices.
Still have to think about the integration of 2nd factor implementation and integration on Cisco ASA FW.
Hejbi
09-24-2019 08:37 AM
All looks good to me.
Since I have not tested this as console access, test before buying. I have heard someone tried and failed... not sure what the issue was here.
1x ISR Cisco 4221 with 2x NIM-16A module
10-02-2019 03:11 PM
Hi Balaji,
thanks for your comment. I don't have any experience with configuration of a console terminal server either, so I hope I will not have any issues with that. For now I don't have any HW to test that on... any idea what you meant when you mentioned "test before buying"? Any lab simulator?
I planned to use the official Cisco config guide for NIM-16A and some blogs describing the configuration of console terminal servers (links below)... and then I will pray for the success to have that working :-D.
Hejbi
10-03-2019 12:36 AM
You can do the lab of this; this requires a physical test.
I would just buy a refurbished old kit for cheap with 1 module and test onsite before I go buy with a full contract.
Some kit is EoL already, so you get a cheaper price. Tell the vendor you are going to test this feature, and if it works you will buy another module.