Out-of-band management design

Hejbi
Level 1

Hi guys,

I am looking for the best solution for Out of Band management (console access) for running network devices in DCs.

We have 2 remote small datacenters equipped with various devices (Cisco Nexus, PaloAlto FWs,...).


Basically requirements are:
- this OOB will ensure connection via console cables to devices.
- OOB network has to be fully independent from inband management and production network.
- connection to OOB console access should have separate internet access (4G/LTE).
- devices for OOB equipment should be from Cisco.
- if possible, 2-FA should be used/integrated.

 

Do you have any idea what boxes (Cisco console routers, firewalls, VPN access, 4G/LTE module) to use?
Many thanks for your inputs and ideas!

Hejbi

 

 

balaji.bandi
Hall of Fame

Depends on the number of devices. I used an old 25XX in a DC environment, with an ASA FW for VPN to come in over OOB, to look at the console in case all of the live network goes down.

 

high level

 

PC----Internet----DSL--ASA (old 5505 - you can use 550X-X here, new models)--25XX--Device consoles.

 

You can also set up multi-factor authentication.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

thanks a lot for your inputs!
We will have about 30 devices which will need console access in one DC. 


I was thinking about this setup per one DC:

- 4G/LTE/DSL public Internet connection
- 1x Cisco ASA 5506-X (Base license) as VPN gateway for IPsec RA (Cisco AnyConnect)
- 1x ISR Cisco 4221 with 2x NIM-16A module
- 4x CAB-ASYNC-8 octal cable

In our production it is not acceptable to have end-of-life devices.

Still have to think about the integration of 2nd factor implementation and integration on Cisco ASA FW.

Hejbi 

 

 

 

All looks good for me

 

Since I have not tested it as console access, test before buying. I have heard someone tried and failed... not sure what the issue was here.

 

1x ISR Cisco 4221 with 2x NIM-16A module

BB


Hi Balaji,

thanks for your comment. I don't have any experience with the configuration of a console terminal server either, so I hope I will not have any issues with that. For now I don't have any HW to test that on... any idea what you meant when you mentioned "test before buying"? Any lab simulator?

I planned to use the official Cisco config guide for the NIM-16A and some blogs describing the configuration of console terminal servers (links below)... and then I will pray for success in getting that working :-D.

 

https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/Async-Serial-NIM-16-24-Port-xe-16-book.html

https://medium.com/@danielceckert/use-a-cisco-2600-series-router-as-a-serial-console-server-f7113e64437b

 

Hejbi
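
An IOS-XE terminal-server configuration for the design discussed above (ASA VPN gateway in front of an ISR 4221 with NIM-16A), as an added example that is not from the thread or from Cisco's guide. The line numbers (0/1/x), interface name, hostname, addresses, ACL number, user name and TCP ports are assumptions; the configuration limits reverse access to the console lines to SSH from the VPN client pool.

```ios
! Added example. Assumed: NIM-16A in slot 0/1, VPN client pool 192.0.2.0/24,
! OOB LAN on GigabitEthernet0/0/0 (198.51.100.0/24). All values are constructed.
hostname oob-ts1
ip domain name oob.example
aaa new-model
aaa authentication login OOB-CONSOLE local
username oobadmin algorithm-type scrypt secret <SET-A-SECRET>
!
! SSH version 2 only; TCP 2001-2016 map to rotary groups 1-16
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh port 2001 rotary 1 16
!
! Only VPN clients arriving through the ASA may reach the router or its lines
access-list 10 permit 192.0.2.0 0.0.0.255
!
interface GigabitEthernet0/0/0
 description OOB LAN towards the ASA inside interface
 ip address 198.51.100.2 255.255.255.0
!
! Settings common to all 16 async lines of the first NIM-16A
line 0/1/0 0/1/15
 no exec
 transport input ssh
 login authentication OOB-CONSOLE
 access-class 10 in
 session-timeout 15
 stopbits 1
!
! One rotary group per line, so TCP 2001 reaches the device cabled to port 0
line 0/1/0
 rotary 1
line 0/1/1
 rotary 2
! repeat through line 0/1/15 with rotary 16
!
! Management access to the terminal server itself: SSH only, same source ACL
line vty 0 4
 transport input ssh
 login authentication OOB-CONSOLE
 access-class 10 in
```

The second factor is not shown here; in this design it would be enforced at the ASA VPN login, before a client ever receives an address from the permitted pool.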

 

You can do the Lab of this, this required physical test.

 

I would just buy a refurbished old kit for cheap with 1 module and test onsite before I go buy with a full contract.

Some kits are EoL already, so you get a cheaper price. Tell the vendor you are going to test this feature, and if it works you will buy another module.

 

BB
