
University Out of Band Management

  • 1.  University Out of Band Management

    Posted Apr 20, 2021 11:12 PM
    We are researching possible methods of out of band management for our university network. We have about 42 buildings with fiber connectivity to each building. Aside from installing a fiber transceiver to each building connected to the management port on the switch, we don't know of another way to manage the switches other than in-band management. Is out of band management not really beneficial with our three way our buildings are connected?

    ------------------------------
    williamg
    ------------------------------


  • 2.  RE: University Out of Band Management

    Posted Apr 21, 2021 07:05 AM
    Out of band management is key if:

    1. When planning, Security Policy mandates that you only allow SSH/HTTPS connection to manage the switch via OOB.
    2. You support a current management network with network access policies that restrict SSH/HTTPS only to that subnet/subnets

    The out of the box benefit is that the management network sits on a separate VRF, or virtual routing and forwarding, instance and will not allow an unauthorized user to gain access to other areas of your network if they get on your switch. You can still do this with in band management by putting your management VLAN into its own VRF as well. With this you still have to route the traffic internally, and apply network policy where needed to not allow malicious users to propagate.



    ------------------------------
    Dustin Burns
    ------------------------------



  • 3.  RE: University Out of Band Management

    Posted Apr 26, 2021 07:43 AM
    One other reason for Out-of-band management could be if you see the risk that your in-band management may become unavailable, like if links are getting flooded or are unstable and you need to connect over these links to connect to your switches. This does require the out-of-band management network to be fully separated.

    If you are happy with in-band management and have locked that down enough with ACLs, manager-IPs, separate VLANs, etc, I would not see a reason to use OOBM.

    As Dustin mentioned, make sure your management VLAN or OOBM network will not be the ideal entry point for attackers to get into all management interfaces without any restrictions. Having an OOBM may even be a risk over in-band management with secure and encrypted management protocols like SSH and HTTPS.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------
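
An added example, not part of any post in this thread: one way to check the point both replies make, that SSH/HTTPS to the switches is permitted only from the management subnet(s). It evaluates an ordered, first-match ACL and reports any source ranges outside the management subnets that can still reach TCP 22 or 443. The rule format, addresses, and function names are assumptions made for illustration and are not any vendor's ACL syntax.

```python
import ipaddress as ipa
MGMT_PORTS = (22, 443)  # SSH and HTTPS, the protocols named in the thread

def subtract(nets, remove):
    """Return the address space of `nets` with network `remove` cut out."""
    out = []
    for n in nets:
        if not n.overlaps(remove):
            out.append(n)
        elif not remove.supernet_of(n):      # remove lies strictly inside n
            out.extend(n.address_exclude(remove))
    return out

def exposed_sources(rules, mgmt_subnets):
    """Per management port, the sources an ordered first-match ACL permits
    that fall outside the management subnets (implicit deny at the end)."""
    mgmt = [ipa.ip_network(m) for m in mgmt_subnets]
    result = {}
    for port in MGMT_PORTS:
        unmatched = [ipa.ip_network("0.0.0.0/0")]   # sources no rule has matched yet
        permitted = []
        for action, src, rule_port in rules:
            if rule_port not in (None, port):       # rule is for another port
                continue
            src = ipa.ip_network(src)
            if action == "permit":
                # CIDR blocks that overlap always nest, so the overlap is the smaller one
                permitted += [u if src.supernet_of(u) else src
                              for u in unmatched if u.overlaps(src)]
            unmatched = subtract(unmatched, src)    # later rules never see these sources
        for m in mgmt:
            permitted = subtract(permitted, m)
        result[port] = list(ipa.collapse_addresses(permitted))
    return result

def is_exposed(result, port, addr):
    """True if `addr` is a non-management source that can reach `port`."""
    return any(ipa.ip_address(addr) in n for n in result[port])

# Constructed sample ACL (not from the thread): (action, source, TCP port or None = any)
SAMPLE_RULES = [
    ("permit", "10.99.0.0/24", 22),     # management subnet, SSH
    ("permit", "10.99.0.0/24", 443),    # management subnet, HTTPS
    ("deny",   "10.20.30.0/24", None),  # one user subnet blocked outright
    ("permit", "10.20.0.0/16", 443),    # leftover rule: HTTPS from a user range
]
SAMPLE_MGMT = ["10.99.0.0/24"]
if __name__ == "__main__":
    for port, nets in exposed_sources(SAMPLE_RULES, SAMPLE_MGMT).items():
        print(port, [str(n) for n in nets] or "management subnets only")
```

On the sample rules, SSH comes back clean while HTTPS is reported as reachable from most of 10.20.0.0/16; the earlier deny for 10.20.30.0/24 is honoured because evaluation is first-match.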