Out of band management for remote offices

Unanswered Question
May 29th, 2008

We are looking to configure out of band management for our remote Cisco routers/switches and wanted to get some thoughts on the best practice for this. We are thinking of using an analog line connected to a modem and then console from there. Anyone know of better ways or recommend a modem/solution?

Pavel Bykov Thu, 05/29/2008 - 06:10

1. Modem should be connected to AUX port.

2. ISDN is another frequently used method.

Usually Out Of band management is not implemented for remote offices because of the costs associated with the deployment. Dual homing would be a preferred method.

PAUL TRIVINO Thu, 05/29/2008 - 10:02

I've used Baytech remote console devices at a number of installations. The units have a Modem/Console module allowing a phone line or console cable connection to the Baytech (some also have ethernet modules), and then 4 port Serial modules. You cable the serial ports to the console ports of Cisco (or other) devices. When you modem in to the Baytech you then select a serial port to connect to, and you're now on the console port of the device.

I have these at ALL of my remote sites so I can reboot the routers/switches etc. w/o the network.

Paul

P.S. You could also get an old Lucent Portmaster unit and do the same thing, or a Cisco AS5300 or similar unit. I've used those too.

Rick Morris Thu, 05/29/2008 - 10:34

We employ this in our network to all of our La-Z-Boy showrooms.

We use USR modems, connect them into the console. Forget about others telling you to use the AUX; this is if you wanted the router to call out on that port. For management use the Console. The USR allows you to pass authentication through the device, then use it as a host with a console connection.

Here are the specs on the modem and the steps we use to set this up.

http://www.cdw.com/shop/products/default.aspx?EDC=1008102

There are XXX's in place where the password is used.

Modem and Terminal Prep.

Place all switches located on the bottom of the modem in the OFF(Up) position except for switches #3, #5, and #8 in the ON(Down) position.

Prepare a PC for connection to the modem via a standard modem to PC cable. Initialize the terminal program before connecting to the modem. Set the PC for 8,N,1, No Flow Control. In the case of HyperTerminal, set communications for “Direct Connect” to the required COM port. Next, power on the modem.

Configure the USR using the following Commands:

ati3

USRobotics Courier V.Everything EXT

OK

ats41=3&w

OK

at%p1=xxxxxx

OK

Note: Actual password will be kept in the CNS Password Database.

at%p1?

XXXXXXXX

OK

ats53=3&w

OK

at%a0=xxxxxxxx,y,n,n,,

OK

ati10

USRobotics Courier V.Everything

DIAL SECURITY STATUS

DIAL SECURITY ENABLED:[Y] LOCAL SECURITY ENABLED:[N]

PROMPTING ENABLED:[Y] FORCED AUTOPASS:[Y]

DTMF SECURITY ENABLED:[N] DTMF PASSWORD:[NO PSW]

LOCAL ACCESS PASSWORD:XXXXXXXX AUTOPASS PASSWORD:[NO PSW]

ACCOUNT PSW ACCT/E DIAL/B NEW_# PHONE #

#0 xxxxxxxx [Y] [N] [N] ,

#1 [NO PSW] [N] [N] [N]

#2 [NO PSW] [N] [N] [N]

#3 [NO PSW] [N] [N] [N]

Some portions of this display have been omitted.

OK

at%L=PW0

OK

at&b1&h0&r1&w

OK

ats53.2=1

OK

ats53.0=1.1=1

OK

ati4

USRobotics Courier V.Everything Settings...

B0 C1 E0 F1 L2 M1 Q0 V1 X7

BAUD=9600 PARITY=N WORDLEN=8

DIAL=HUNT ON HOOK TIMER

//output snipped//

LAST DIALED #:

OK

ate0&w

OK

The “ate0&w” disables character echo. Typed commands will no longer be seen after issuing this command.

Final Switch Settings

Turn the modem off and place all switches in the OFF(Up) position except for switches #1, #4, and #7 in the ON(Down) position.

Note: These switch settings will disable local communication to the modem via a directly connected PC.

Next, power cycle the modem and connect to the router using a black Cisco cable provided with the switch/router. Plug one end into the router or switch “Console” port and the other into the DB-25 connector on the modem.

Note: A Cisco “Console” cable (light blue) may be used with Cisco adapter P/N29-4043-01 V1 and then connected to the modem.

The phone line should be connected to the RJ-11 connector labeled “JACK”. It is the phone connection farthest from the power connection.

Factory Settings

Set Switch #10 to the ON(Down) position. Cycle power on the modem. It is now set to factory defaults. Return Switch #10 to the OFF(Up) position.

Typical Dialin Responses

CONNECT 9600

USRobotics Courier V.Everything Dial Security Session

Serial Number 4MBRY5OH0363

Password (Ctrl-C to cancel)? [ PASSWORD*]

Security Access granted

(Router or Switch Security)

User Access Verification

Password:

Disconnect

To disconnect from a logged in session press “+++”

When the modem returns OK, enter “ath”
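
An added example, not part of the post above or of any USRobotics tooling: a Python check that parses a captured ATI10 "DIAL SECURITY STATUS" display and reports drift from the baseline the post shows (dial security and prompting on, only account #0 enabled, every enabled account holding a password). The sample text is constructed from the post's masked output, and the function names are hypothetical.

```python
import re

# Constructed sample: the ATI10 display from the post, passwords masked as posted.
SAMPLE_ATI10 = """\
DIAL SECURITY ENABLED:[Y] LOCAL SECURITY ENABLED:[N]
PROMPTING ENABLED:[Y] FORCED AUTOPASS:[Y]
DTMF SECURITY ENABLED:[N] DTMF PASSWORD:[NO PSW]
LOCAL ACCESS PASSWORD:XXXXXXXX AUTOPASS PASSWORD:[NO PSW]
ACCOUNT PSW ACCT/E DIAL/B NEW_# PHONE #
#0 xxxxxxxx [Y] [N] [N] ,
#1 [NO PSW] [N] [N] [N]
#2 [NO PSW] [N] [N] [N]
#3 [NO PSW] [N] [N] [N]
"""

# Y/N switches such as "DIAL SECURITY ENABLED:[Y]" or "FORCED AUTOPASS:[Y]".
FLAG_RE = re.compile(r"((?:[A-Z]+ )+(?:ENABLED|AUTOPASS)):\[([YN])\]")
# Account rows: number, password column, ACCT/E (account enabled) column.
ACCT_RE = re.compile(r"^#(\d+)\s+(\[NO PSW\]|\S+)\s+\[([YN])\]", re.M)

def parse_ati10(text):
    """Return (flags, accounts) parsed from an ATI10 display."""
    flags = dict(FLAG_RE.findall(text))
    accounts = {int(n): {"has_psw": p != "[NO PSW]", "enabled": e == "Y"}
                for n, p, e in ACCT_RE.findall(text)}
    return flags, accounts

def audit(text):
    """List deviations from the baseline shown in the post (assumed policy)."""
    flags, accounts = parse_ati10(text)
    findings = []
    for key in ("DIAL SECURITY ENABLED", "PROMPTING ENABLED"):
        if flags.get(key) != "Y":  # a missing field counts as a failure
            findings.append(f"{key} is not [Y]")
    if not any(a["enabled"] for a in accounts.values()):
        findings.append("no account is enabled for dial-in")
    for n, a in sorted(accounts.items()):
        if a["enabled"] and not a["has_psw"]:
            findings.append(f"account #{n} enabled without a password")
        if n != 0 and a["enabled"]:
            findings.append(f"account #{n} enabled; baseline uses only #0")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_ATI10) or ["matches baseline"]:
        print(line)
```

Run it against the ATI10 text captured from each site's modem during setup and again after any factory reset with switch #10, since a reset returns the modem to factory defaults.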

Rick Morris Thu, 05/29/2008 - 11:07

I have used a similar item, Perle, and also set up a 2600 with console access too.

The issue raised is out of band access.

If the link is down, what is used to gain access into the router? A modem is the only way to do this.

I agree, in-band the unit you mentioned is awesome.

Collin Clark Thu, 05/29/2008 - 11:15

ISDN, secondary WAN link, public wifi, etc. The Avocents (and Perle too) support many access media cards. For example, the Avocents support: ethernet (wired and wireless), analog modem, ISDN, CDMA, and GSM/GPRS. Plenty of options for when the primary WAN link goes down.
