05-29-2008 05:48 AM - edited 03-03-2019 10:09 PM
We are looking to configure out of band management for our remote cisco routers/switches and wanted to get some thoughts on the best practice for this. We are thinking of using a analog line connected to a modem and then console from there. Anyone know of better ways or recommend a modem/solution?
05-29-2008 06:10 AM
1. Modem should be connected to AUX port.
2. ISDN is another frequently used method.
Usually Out Of band management is not implemented for remote offices because of the costs associated with the deployment. Dual homing would be a preferred method.
05-29-2008 10:02 AM
I've used Baytech remote console devices at a number of installations. The units have a Modem/Console module allowing a phone line or console cable connection to the Baytech (some also have ethernet modules), and then 4 port Serial modules. You cable the serial ports to the console ports of Cisco (or other) devices. When you modem in to the Baytech you then select a serial port to connect to, and you're now on the console port of the device.
I have these at ALL of my remote sites so I can reboot the routers/switches etc. w/o the network.
Paul
P.S. You could also get an old Lucent Portmaster unit and do the same thing, or a Cisco AS5300 or similar unit. I've used those too.
05-29-2008 10:34 AM
We employ this in our network to all of our la-z-boy showrooms.
We use USR modems, connect them into the console. Forget about others telling you to use the AUX, this is if you wanted the router to call out on that port. For management use the Console. The USR allows you to pass authentication through the device, then use it as a host with a console connection.
Here are the specs on the modem and the steps we use to set this up.
http://www.cdw.com/shop/products/default.aspx?EDC=1008102
There are XXX's in place where the password is used.
Modem and Terminal Prep.
Place all switches located on the bottom of the modem in the OFF(Up) position except for switches #3, #5, and #8 in the ON(Down) position.
Prepare a PC for connection to the modem via a standard modem to PC cable. Initialize the terminal program before connecting to the modem. Set the PC for 8,N,1, No Flow Control. In the case of Hyper Terminal, set communications for âDirect Connectâ to the required COM port. Next power on the modem.
Configure the USR using the following Commands:
ati3
USRobotics Courier V.Everything EXT
OK
ats41=3&w
OK
at%p1=xxxxxx
OK
Note: Actual password will be kept in the CNS Password Database.
at%p1?
XXXXXXXX
OK
ats53=3&w
OK
at%a0=xxxxxxxx,y,n,n,,
OK
ati10
USRobotics Courier V.Everything
DIAL SECURITY STATUS
DIAL SECURITY ENABLED:[Y] LOCAL SECURITY ENABLED:[N]
PROMPTING ENABLED:[Y] FORCED AUTOPASS:[Y]
DTMF SECURITY ENABLED:[N] DTMF PASSWORD:[NO PSW]
LOCAL ACCESS PASSWORD:XXXXXXXX AUTOPASS PASSWORD:[NO PSW]
ACCOUNT PSW ACCT/E DIAL/B NEW_# PHONE #
#0 xxxxxxxx [Y] [N] [N] ,
#1 [NO PSW] [N] [N] [N]
#2 [NO PSW] [N] [N] [N]
#3 [NO PSW] [N] [N] [N]
Some portions of this display have been omitted.
OK
at%L=PW0
OK
at&b1&h0&r1&w
OK
ats53.2=1
OK
ats53.0=1.1=1
OK
ati4
USRobotics Courier V.Everything Settings...
B0 C1 E0 F1 L2 M1 Q0 V1 X7
BAUD=9600 PARITY=N WORDLEN=8
DIAL=HUNT ON HOOK TIMER
//output sniped//
LAST DIALED #:
OK
ate0&w
OK
The âate0&w â disables character echo.
Typed commands will no longer be seen after issuing this command.
Final Switch Settings
Turn the modem off and place all switches in the OFF(Up) position except for switches #1, #4, and #7 in the ON(Down) position.
Note: These switch settings will disable local communication to the modem via a directly connected PC.
Next power cycle the modem and connect to the router using a black Cisco Cable provided with the switch/router. Plug one end into the router or switch âConsoleâ port and the other into the DB-25 connector on the modem.
Note: A Cisco âConsoleâ cable( light blue) may be used with Cisco adapter P/N29-4043-01 V1
and then connected to the modem.
The phone line should be connected to the RJ-11 connector labeled âJACKâ. It is the phone connection farthest from the power connection.
Factory Settings
Setting Switch #10 to the ON(Down) position. Cycle power on the modem. It is now set to factory defaults. Return Switch #10 to the OFF(Up) position.
Typical Dialin Responses
CONNECT 9600
USRobotics Courier V.Everything Dial Security Session
Serial Number 4MBRY5OH0363
Password (Ctrl-C to cancel)? [ PASSWORD*]
Security Access granted
(Router or Switch Security)
User Access Verification
Password:
Disconnect
To disconnect from a logged in session press â+++â
When the modem returns OK, enter âathâ <
05-29-2008 11:01 AM
We use Avocent ACS devices. They're nice because you can have dial, wireless, advanced security, multiple ports, etc.
05-29-2008 11:07 AM
I have used a similar item, pearl, and also set up a 2600 with console access too.
The issue raised in out of band access.
If the link is down what is used to gain access into the router. A modem is the only way to do this.
I agree inband the unit you mentioned is awesome.
05-29-2008 11:15 AM
ISDN, secondary WAN link, public wifi, etc. The Avocents (and perle too) support many access media cards. For example the Avocents supports; ethernet (wired and wireless), analog modem, ISDN, CDMA, and GSM/GPRS. Plenty of options for when the primary WAN link goes down.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide