
Cisco 2900 router OOB management

ayao
Level 1

Hello,

Can anyone help me with this question?

Cisco 2900 router doesn't have a dedicated management port. If we put it on the internet, how can we manage it safely?

We'd like to access it through telnet/ssh and SNMP (read-only).

Is there any way we can do so without worrying about or configuring additional access-lists?

Right now what we do is that we have a terminal server connected to its console port so at least we can do configuration. But this doesn't help us to plot traffic charts. For traffic statistics, we'd need SNMP access. Although we could dedicate one interface for SNMP use, this would expose our internal network to the internet. If we use access-lists to block SNMP access from the internet, this could make the configuration messy, and prone to attacks.

Is there a cleaner solution?

Thank you very much!

1 Accepted Solution

Mark Malone
VIP Alumni
Is there any way we can do so without worrying about or configuring additional access-lists?

Hi
No, not without an MGMT port. It will need extensive ACLs for in and out, and then source all MGMT traffic out to use that interface. It's not going to be OOB; it will be in-band mgmt, as that's all the device is capable of without a dedicated MGMT port. It's a physical limitation.

Thank you for the information!
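
The in-band approach described in the accepted answer, sketched as an IOS configuration. This is an added example, not part of the original thread: the subnet 192.0.2.0/24, the Loopback0 address, the ACL name MGMT-HOSTS and the `<RO-COMMUNITY>` placeholder are all assumptions, and a local user or AAA is assumed to exist for `login local`.

```cisco
! Constructed example values: 192.0.2.0/24 stands in for the management
! subnet, 198.51.100.1 for the router's management source address.
! MGMT-HOSTS and <RO-COMMUNITY> are placeholders, not values from the thread.
!
! One standard ACL names the hosts allowed to manage the router.
ip access-list standard MGMT-HOSTS
 remark NMS and admin hosts only
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! A loopback gives management traffic a stable source address.
interface Loopback0
 description In-band management source
 ip address 198.51.100.1 255.255.255.255
!
! Interactive access: SSH only (no telnet), and only from MGMT-HOSTS.
! Apply the same settings to any further VTY ranges the device has.
ip ssh version 2
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 10 0
!
! SNMP: read-only community bound to the same ACL, so polls from any
! other source are dropped regardless of which interface they arrive on.
snmp-server community <RO-COMMUNITY> RO MGMT-HOSTS
snmp-server trap-source Loopback0
!
! Source the remaining management-plane traffic from the same address.
logging source-interface Loopback0
ntp source Loopback0
```

Because the ACL ends in `deny any log`, `show access-lists MGMT-HOSTS` reports match counters for rejected sources, which makes unexpected management attempts visible.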

 
