Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
0
Helpful
2
Replies

Management port on internal network on a public facing router

edugger
Level 1
Level 1

‎10-04-2017 11:21 AM - edited ‎03-05-2019 09:14 AM

We have some disagreement on what is the best practice for setting up the management port on a cisco router.  Some people say connect it directly to the internal network, bypassing all firewalls.  Some say this could be a vulnerability in case the router ever gets compromised as there would be a direct link to the internal network.  What is best practice?

Labels:
0 Helpful
2 Replies 2

balsamovan
Level 1
Level 1

‎10-04-2017 06:06 PM

Best practice is hard to determine as every organisation has unique designs and requirements that need to be met.

I suggest you have a read of the following article, it may answer some of your concerns/questions and present you with a better idea on how to proceed further:

https://ltlnetworker.wordpress.com/2015/08/16/management-network-topology-and-asymmetric-routing/

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni

‎10-05-2017 01:57 AM

Ye I wouldn't do that , get a separate MGMT switch connect all MGMT ports back to it and have it directly connected to your firewalls in MGMT VDOM and then source all MGMT traffic from the MGMT ports on local routers , that's true oob , isolated from the current prod network
What your doing above you may aswell just use vlans
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card