Secure your OOB!
Posted: September 7th, 2011 | Author: Jon Still | Filed under: Techie | Tags: cisco, ios, ssh
As anyone who has had to work with remote datacenters or remote offices will tell you, you can never have too much OOB (Out-Of-Band) access. Whether it be because you’ve fudged an ACL on a firewall or fat-fingered your route filtering, some form of remote access to your network devices comes under the heading of “bacon saver”.
A terminal server doesn’t necessarily have to be a dedicated device: as many network engineers know, a Cisco router equipped with some manner of async card makes a fairly basic but serviceable terminal server. I’ve used both 2800 and 2900 series routers equipped with HWIC-8A and HWIC-16A modules at work, while my home lab uses a 2600XM (which does double duty as one of the “BB” routers in the IPexpert topology) with an NM-16A. I’ve then equipped these devices with some kind of alternative network access – sometimes an old-school analog dialup or ISDN connection, other times a cheap ADSL connection – so that you can still get access to the site to troubleshoot when all other routes to the site are down.