Security Basics mailing list archives

Re: switch console or ip ?


From: Chris Moody <cmoody () qualcomm com>
Date: Wed, 20 Oct 2004 19:58:39 -0700 (PDT)

Which indicates that you only have half of an "out of band" management
network built.  At one ISP I worked for in years past, we had separate
term servers at each remote location...specifically for the management of
the devices.  Absolutely -0- of our mgmt traffic traversed the production
links.

the network team LOVED each other (poking fun... ;o) ...)

Anyway, if you shop around for a good terminal server solution, you can
keep your devices transparent to the production traffic...manage them via
a completely separate network...and even build it to allow dial-in backup
connections should your mgmt net fail for any reason.

I never had to drive from Denver to NYC to recover a device either.

Just my experience.

Cheers,
-Chris

On Wed, 20 Oct 2004, xyberpix wrote:

Definitely!!
So long as no-one else "untrustworthy" has physical access to the switch.
We do this on all our switches, it's not the only way to secure them, but
it does make it quite a bit more difficult to gain access to, and to
manage. Your network team will probably hate you if you go this route, but
hey.

xyberpix

On Mon, 18 October, 2004 9:06 pm, Okiwaso said:
Would it be more secure to only enable access to a Cisco switch via console
so Cisco exploits could not potentially reach it through internet traffic
that may have got past firewall, IDS, etc ?

Thanks,
Oki



--
For security and Opensource news check out:
http://xyberpix.demon.co.uk
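An added example, not from any poster in this thread, of what the out-of-band and console-only management setups discussed above look like on a Cisco IOS switch; the hostname, domain, addresses, VLAN number and username are constructed placeholders:

```cisco
! --- Weak: management reachable from any address on any interface ---
line vty 0 4
 password cisco
 login
ip http server
!
! --- Hardened: management only from the OOB network, SSH only ---
hostname sw1
ip domain-name mgmt.example.internal
! (run "crypto key generate rsa modulus 2048" in exec mode first)
ip ssh version 2
service password-encryption
username netops privilege 15 secret <REPLACE-WITH-STRONG-SECRET>
!
no ip http server
no ip http secure-server
!
! Dedicated management VLAN/interface; production VLANs carry no mgmt IP
interface Vlan99
 description OOB-MGMT (constructed example network)
 ip address 10.99.0.11 255.255.255.0
!
ip access-list standard MGMT-ONLY
 permit 10.99.0.0 0.0.0.255
 deny   any log
!
line con 0
 login local
 exec-timeout 5 0
!
line vty 0 15
 access-class MGMT-ONLY in
 transport input ssh
 login local
 exec-timeout 5 0
!
! --- Console-only variant (Okiwaso's question): no remote line at all,
!     so the switch is reached only via the terminal server's serial port ---
line vty 0 15
 transport input none
```

The access-class only filters what reaches the vty lines; keeping management traffic off the production links, as Chris describes, depends on where Vlan99 is physically trunked and where the terminal server sits.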