Out-Of-Band Management over IPSec and OSPF Area Design

Hello,
I'm planning to implement out-of-band management over OSPF over an IPSec tunnel and I have a question about the OSPF area design (please see attached figure).
As network administrators, our NOC is sitting in OFFICE (OSPF Area 1). Internet access is guaranteed over our DCs (multihomed BGP peering).
Additionally we have a second internet access at OFFICE, which I want to use for the IPSec tunnel and for building an OSPF neighborship to our Out-of-Band Firewalls, which also have their own internet access.
I'm planning to declare this IPSec tunnel as OSPF Area 3 and Area 4 for DC1 and DC2 respectively. There is no subnet overlap.
My question is whether I should connect both Areas 3 and 4 at OFFICE to the backbone area over a virtual link or not. Would it be a disadvantage if I don't use the virtual link?
Thx for any reply

1. The AUX port on Cisco routers is either RJ-45 or DB-25. If the AUX port is RJ-45, use a flat-satin rolled RJ-45--RJ-45 cable (part number CAB-500RJ= ), which is usually provided with every Cisco router for console connections. You also need an RJ-45 to DB-25 adapter marked "MODEM" (part number CAB-25AS-MMOD) to connect the rolled cable to the DB-25 port on the modem.
2. If your router has a DB-25 AUX port, use a straight-through DB-25 Female - DB-25 Male RS-232 cable to connect the modem to the router.
Use this document.
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080094bbc.shtml

Similar Messages

  • AMT Computer Object Creation in Out of Band Management

    Just configured our Out of Band Management / AMT settings and we're getting all our AMT systems provisioned successfully. I've noticed that now, in SCCM 2012, the AMT objects that get created are Computer objects in AD. Their objectCategory is
    CN=Computer,CN=Schema,CN=Configuration,DC=mydomain,DC=com
    Back in the SCCM 2007 days, they were Person objects in AD. We still have some in AD.
    CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=com
    Is this the default setting or do I have the option to change it?
    Orange County District Attorney

    Since no one has answered this post, I recommend opening a support case with CSS as they can work with you to solve this problem.
    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • Out OF band Management options 2014

    Hi, I remember in the early days we used to install a 2610 XM along with a 16-port NM-16A with a CAB-OCTAL-ASYNC cable for out of band management of routers and switches. Since the 2610 XM series is obsolete, what is the latest option for this setup? The 2610 XM was replaced by the 2911, and I believe the 2911 doesn't support NM-16A modules, so how do you console into a router remotely now? What setup are you guys using nowadays? Any suggestions would be helpful.

    Avocent (I use these)
    http://avocent.com/products/serial-consolemanagement.aspx
    Raritan
    http://www.raritan.com/products/serial-console-switches/
    Digi
    http://www.digi.com/products/consoleservers/digicm.jsp
    Perle
    http://www.perle.com/products/Console-Server.shtml?source=google&group=USCanServers&campaign=consoleservers&gclid=CLTYjJ-VvpkCFQgNDQod2T-7Jw
    Hope that helps.

  • C220M3 Out of Band Management

    I am trying to use the out of band management port (RJ45 port) on the back of the C220M3 server so we can connect it to an MRV. Does anyone know what the baud rate is? I would think 9600, N, 8, 1 and tried several baud rates, but I could not get in. Does anyone have any ideas?

    The Management interface is an OOB network interface, not a console port. 
    You might want to review the following documents for configuring & accessing the CIMC interface via GUI or CLI.
    http://www.cisco.com/en/US/partner/products/ps10739/products_installation_and_configuration_guides_list.html
    Regards,
    Robert

  • What client settings for BIOS or MEBx do I need to preconfigure for Out Of Band Management in SCCM 2012?

    Hi,
    On the Client:
    What BIOS or MEBx settings do I need to preconfigure for Out Of Band Management in SCCM 2012?
    Or can I remotely configure BIOS or MEBx settings from SCCM 2012 or Intel SCS?
    /SaiTech

    Thanks,
    Now I see, with the Intel SCS add-on for SCCM 2012 it will be the simplest solution. Even better than having Intel SCS standalone, which was a complex setup on DHCP and so on...
    Just one more thing: when you configure AD for AMT you have to set an OU, but if you have computers in two OUs, I can't see how I can configure that?
    /SaiTech

  • Question about creating Certificates for Out of Band management

    I would like to use out of band management for supporting clients in remote offices.  I am following the instructions at http://technet.microsoft.com/en-us/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_AMT2008_cm2012 in the "Deploying Certificates for AMT" section.  It says:
    If you cannot complete steps 18 or 19, check that you are using the Enterprise Edition of Windows Server 2008. Although you can configure templates with Windows Server Standard Edition and Certificate Services, you cannot deploy certificates using modified certificate templates unless you are using the Enterprise Edition of Windows Server 2008.
    My Certificate Authority server is Server 2008R2 Standard.  When I right click on Certificate Templates -> New -> Certificate Template to Issue, I do not see the ConfigMgr AMT Provisioning and ConfigMgr AMT Web Server Certificates.  I know the box says 2008 Standard isn't supported, but I am using 2008R2 Standard, not 2008.  Why am I not able to see either certificate?  If it is because I am using the Standard Edition, then how can I create the certificates needed?  Upgrading to Enterprise is not an available solution (cost reasons).  Does this mean that OOB management certificate creation is not supported on Server 2008R2 Standard, and so I will not be able to use ConfigMgr 2012 SP1 for out of band management because I am unable to generate the required certificates?

    Yes, I know this is an old post, but I'm trying to clean them up. Did you solve this problem? If so, what was the solution?
    In order to use the cert template, you must use an Enterprise version of Windows. Only the Enterprise (or Datacenter) versions have the right version of the Certificate server.
    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • Lenovo vPro Out-of-band Management

    I have a few Lenovo T430s here and I'm testing out the use of some of the Out-of-Band management features supported by AMT/vPro. I'm using SCCM 2012. Specifically I'm trying to figure out how to collect or change BIOS settings while it's off and if I can wipe the hard drive while the system is off.  If I could also look into battery health that would be nice too. Any ideas?
    If not, are there any suggestions for how to do this for multiple devices while on?
    What do people usually use for this kind of thing? Are these tasks that require a lot of background work to make happen in band?
    Here are some of the ideas for managing in-band.
    Ideas for BIOS settings collection/changing:
      Powershell Scripts and Task Sequence (though I'd prefer not to have to code out everything I need)
      WMI
      Server Essentials
    Ideas for hard drive wipe:
      Task Sequence

    Hi,
    Take a look at this blog.
    http://blogs.technet.com/b/configmgrteam/archive/2009/03/17/out-of-band-management-overview.aspx
    If you want to wipe the disk, you may boot from a remote image and format the disk.
    If you want to do it in band to change the BIOS settings, I think it needs the motherboard's support; some motherboards have a command tool that can change BIOS settings in band. If your motherboard has one, distribute it as a software package or within a script.
    Juke Chou
    TechNet Community Support

  • Data center out-of-band management network

    Would "Cisco Prime Data Center Network Manager" be classed as an out-of-band management tool that I could use on a 2 tier data centre?
    If not what solutions could I have for a data center that has a bunch of racks with servers and switches in that connect to an aggregation switch?

    My take on "out-of-band" depends not so much on the tool but rather on how it accesses the managed devices.
    Most Cisco data center devices have a management port that is independent of the data plane (separate communications processor, separate VRF).
    If you communicate to that port using a system and via a network not co-mingled with your user traffic, then you have an out-of-band management tool.

  • Nexus 7K out of band Management interface

    Dears,
    Regarding the out-of-band management interface: if I configure an interface VLAN as the management interface for one VDC (the default VDC), when I connect to this VDC via telnet, can I switch to any other VDC? (Suppose that I have the admin role, which allows me to enter and configure all the VDCs.)
    If that is possible, then I don't have to make a dedicated management IP for each VDC.
    I need to do that only if I want to create VDC admin accounts to allow some users to access specific VLANs only. Is that true?

    Hi,
    Yes, it is possible.  When you log in as admin and you want to get to another VDC, you just use this command:
    switchto vdc
    This will take you to that VDC.  If you want to switch back to the admin VDC, you just type "switchback"
    HTH

  • SCCM out of band management

    SCCM has out of band management ability, and it has a check box:
    "Enable BIOS password bypass for power on and restart command"
    I am not sure of the meaning of BIOS password, since we could set both a power-on password and an HDD password in BIOS.
    Does it mean we could bypass both the power-on password and the HDD password?

    Anoop,
    Will you help by explaining on this in detail?
    Kindly let me know which is the best IPMI tool to use to display the server hardware details in SCOM management packs while I have to monitor at least 300 servers. I am aware of IPMITool.exe, IPMIUtil.exe, etc. At the same time, I am concerned about the following points:
    1. Performance impact in an agent-based system
    2. Performance impact in an agentless SCOM system
    3. Performance impact if the executable is running only on the SCOM server
    4. Retrieving data out of band directly from the BMC while the OS is not running
    5. Is there any solution to avoid binding issues with the BMC when concurrent calls are made by such tools to retrieve out-of-band inventory (IPMI) details? How to handle binding issues?
    regards
    scomdev
    SCOMDev

  • Vdc out of band management

    I saw this diagram from Cisco, but no configuration example. Right now I have a Nexus 7010 with Sup 2, version 6.2.2. I could not assign the interface mgmt 0 to the different VDCs. Does anyone do out of band management for VDCs? Or can anyone let me know how I could configure out of band management for a VDC?
    Thanks a lot.
    Regards

    Hi Pille,
    Thanks for your reply. I switched to the VDC and I did not find "int mgmt0" in these VDCs; mgmt0 only exists in the system VDC. In this case, I do not know how to configure a separate IP for every context. Could you share more details of the configuration with me?
    Thanks
    Regards
    Ying Wang

  • 4500X Out-of-Band Management port

    I am attempting to set up the FastEthernet management port on some 4500x switches that we have received for Out-of-Band management, but I am unable to get them working.  I have set this up before on ASR1004 routers and have not had any troubles with them, although I have noticed that they use a different management vrf name.
    I have added the IP address to the FastEthernet1 port, applied a default route for the vrf (e.g. ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 x.x.x.x), and connected the port to my switch.  I am unable to ping the out-of-band management IP from anywhere, inside or outside of its subnet, and I am unable to ping out from the 4500x using the ping vrf mgmtVrf <IP address> command.  When I run a show interface Fa1 command on the 4500x and on the switch it's connected to, they both show that they are sending traffic but neither shows that it's receiving any traffic.  I have tried connecting a laptop directly to the FastEthernet port, set it statically to the same subnet, and am still unable to ping the management interface.  I ran a Wireshark capture on the laptop and I see no traffic coming from the management port on the switch, even though when I check the show interface command it shows that the port is sending packets.  I have attempted this on two separate 4500x switches so far with the same results.  We are running IOS-XE 03.04.04.SG on both switches with the entservices license.  Any help would be appreciated.
    Thanks,
    Jesse

    Here is the show int fa1 and show run int fa1 while I had the laptop connected and attempted to ping both directions.
    interface FastEthernet1
     vrf forwarding mgmtVrf
     ip address 172.16.1.10 255.255.0.0
     speed auto
     duplex auto
    end
    FastEthernet1 is up, line protocol is up
      Hardware is RP management port, address is f40f.1b56.9c57 (bia f40f.1b56.9c57)
      Internet address is 172.16.1.10/16
      MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:06:29, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         402 packets output, 101340 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         8 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out

  • Out of Band Management (D-Link modem)

    Hi Guys,
    I have an issue with the Out of Band Management.
    It works with most of our routers, but it doesn't work with routers with new IOS.
    The IOS version of our new routers is 15.0(1)M2.
    The configuration of all the routers' Aux port is below:
    line aux 0
    exec-timeout 3 0
    modem InOut
    transport input all
    stopbits 1
    flowcontrol hardware
    The configuration of the d-link modem is below:
    ats0=1
    ats2=127
    ats37=9
    ate1
    atq1
    at&c1
    at&d2
    at&s1
    at&k0
    at&r0
    I tried different configuration combinations without any luck.
    The diagnostic reason I'm getting from the D-link modem is:
    DIAG <2A4D3263 0=10>    <-   Diagnostic Command Specification revision number
    DIAG <2A4D3263 1=00>    <-   Call Setup Result code  =  No previous call
    DIAG <2A4D3263 60=50>   <-   Termination Cause  =  AnyKeyAbort Call Control

    Disconnect Type: 3
    Disconnect Reason Code: 0x007
    Description: The AT dial command was aborted. The AT dial command was aborted by the any key abort command. For example, the host modem originates a call. During connection establishment, prior to STEADY STATE, pressing any key will cause the AT dial command to be aborted.

    Disconnect Type: 3
    Disconnect Type (Hex): 0x6...
    Description: Condition occurred during call setup.
    Has any of you guys dealt with this issue before?
    I would appreciate it if you can share it.
    Thanks,
    Regards,

    Try a cable with this pin connector scheme:
    RJ45 DB9
    1 7
    2 4
    3 3
    4 5
    5 5
    6 2
    7 1
    8 8
    init string at&F1S0=1

  • Out of Band Management aka Lights Out ala ALOM/LOM/iLO ?

    I'm researching Xserve hardware for a project at work and am having a hard time finding out if these are real servers or not.
    By real server I mean that an out of band lights out management facility is there. One which would allow you to connect via serial or network (preferred) to a service processor. The service processor would then let you power the machine on/off, change firmware settings to ie: boot from network on the next boot, or from disk 3 or what-have-you.
    It should also give you access to the text console at a minimum once the os has loaded, and optionally let you see the gui (if there is any graphics adaptor installed).
    Something akin to Sun's LOM or ALOM, or HP's iLO facilities.
    If it isn't there, then this project isn't going to work with Xserves.

    Like you, I'm very familiar with Sun's various LOM implementations. The ALOM is, IMHO, by far the most useful one [RSC supports telnet not SSH; eLOM is IPMI 2.0 like Apple but very clunky to work with in the CLI].
    The IPMI BMC present in the Xserve has a ton of capabilities, including Serial-over-LAN (SOL) for remote console access, but most features are (currently) unused. Apple ships the open-source ipmitool, as does Sun on S10 x64 systems, but no man pages (sourceforge has them); I think this is telling about how much effort has been put in to the Lights Out capability so far. I have been able to remotely query the Xserve LOM using ipmitool (from a Sun box) for various environmental conditions and to simply power-on/off the box. The GUI Server Manager client has equivalent functionality.
    While I can enable the SOL capability with ipmitool, I don't (yet) know how to connect for serial console access. One other point of frustration so far has been that the RS-232 console port on the Xserve is only used for getty to listen on; thus if the box is not fully booted, the console port does no good whatsoever.
    Don't get me wrong though; we are slowly replacing our Sun equipment with Xserve systems, as they offer much greater capability and easier management (in general) at a significantly lower cost than Sun. I just wish Apple would fix some of the basic Lights Out functionality that we have come to expect.
    Xserve Quad Xeon   Mac OS X (10.4.9)  

  • Remote out-of-band management for my me3400

    Dear all, I need to solve a little annoying situation at work.
    My me3400 works as a big layer 2 traffic concentrator for 5 500mbps radio links and is located very far from the head-end office.
    Every time I need to make a change to the configuration I have to use telnet access through the same main traffic link (in-band management).
    It is really frustrating when you apply a wrong line and your management session goes down... In my case I need to take the car and drive many kilometers to the site, connect to the console port and roll back.
    So... I'm thinking one solution could be some kind of Ethernet-serial protocol converter, so I can leave the device near my me3400, connected to a different link of course.
    I saw this:
    http://www.perle.com/products/techspecs/IOLAN-SCS-diagrams.shtml
    The IOLAN solution seems to be good. Is there any other way to achieve this? Any other idea?
    THX,
    Leo.

    Leo, ethernet-serial is a great solution and there are various ways of accessing your me3400 out-of-band.
    As a Cisco dev partner, we (WTI) make a variety of OOB console servers with either dual ethernet (using maintenance or production network), built-in dial-up modem or 3g modem support that give you telnet, ssh or web access. There's no need to drive to the site as you will have multiple ways to access the console port even when the production network is down.
    Ethernet-Serial:
    https://marketplace.cisco.com/catalog/products/1401
    In some cases the rollback will also require a hard power reboot, which can be done with a console server + power reboot combo.
    Console/Reboot Combo:
    https://marketplace.cisco.com/catalog/products/1215
    Hope that helps!
    -Dustin
