
Is it a security risk to plug internet router management port into the LAN?

I have to install an ASR1001 on the internet for my company.  I noticed the ASR1001 has a dedicated management port and I was wondering if it's a security risk to have this management port directly connected to my LAN, so I can manage it from my desk.

I only want to manage the ASR from this port and I won't be doing any management through its public IP address.  Is it possible for an attacker to compromise the router then have access to the network through this management port?


It is a non-zero risk and you have to evaluate that in the context of the network (and assets on it) that you are protecting.

If you harden the router and lock down your in-band access tightly it is a very small risk.

As Marvin stated, it is pretty low risk. That particular port belongs to a Management VRF and cannot be removed/changed from it. If you properly secure the global VRF (disable telnet, ssh, http, etc.) it's darn near impossible.
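A way to check a saved running-config for the points raised in the replies, as an added example that is not part of the thread or Cisco's own tooling. It assumes the management port is named `GigabitEthernet0` and its VRF `Mgmt-intf`; the sample config is constructed, and the three checks are a minimal set chosen for illustration.

```python
import re

# Constructed IOS-XE style sample config (not from the thread).
SAMPLE_CONFIG = """\
vrf definition Mgmt-intf
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.0.0.2 255.255.255.0
!
ip http server
no ip http secure-server
!
line vty 0 4
 transport input telnet ssh
!
"""

def sections(config):
    """Map each top-level command to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, mgmt_if="GigabitEthernet0", mgmt_vrf="Mgmt-intf"):
    """Return findings about management services reachable in-band."""
    sec, findings = sections(config), []
    # Assumed names: the management port and the VRF it should sit in.
    if f"vrf forwarding {mgmt_vrf}" not in sec.get(f"interface {mgmt_if}", []):
        findings.append(f"{mgmt_if} is not in VRF {mgmt_vrf}")
    for head, body in sec.items():
        if re.fullmatch(r"ip http (secure-)?server", head):
            findings.append(f"'{head}' is enabled")
        if head.startswith("line vty"):
            transport = next((l for l in body if l.startswith("transport input")), "")
            if re.search(r"\b(telnet|all)\b", transport):
                findings.append(f"{head}: telnet allowed")
            if not any(l.startswith("access-class") for l in body):
                findings.append(f"{head}: no access-class")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```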
