Management communications with a managed switch can be in band, through the switch's data ports, or out of band (OOBM), through a dedicated management port.
Out-of-band ports have typically been serial console ports using DB-9 or specially wired 8-pin modular (RJ-style) connectors. Some recent HP switches have added networked OOBM ports. The figure "Management ports" shows the management connections for a typical switch.
OOBM operates on a "management plane" that is separate from the "data plane" used by data traffic on the switch and by in-band management traffic. Because of that separation, OOBM continues to function during periods of traffic congestion, equipment malfunction, or attacks on the network. It can also improve switch security: a properly configured switch can restrict management access to the management port only, so that attempts to reach the management interfaces through the data ports are refused.
Network OOBM typically occurs on a management network that connects multiple switches. It has the added advantage that it can be done from a central location and does not require an individual physical cable from the management station to each switch's console port.
The table "Switch management ports" summarizes the three kinds of management connection.
Switch management ports
 | In band, networked | Out of band, directly connected | Out of band, networked |
---|---|---|---|
Management interface | Command line (CLI), menu, Web | Command line (CLI), menu | Command line (CLI), menu |
Communication plane | Data plane | Management plane | Management plane |
Connection port | Any data port | Dedicated serial or USB console port | Dedicated networked management port |
Connector type | Usually RJ-45; also CX4, SFP, SFP+, and XFP | DB-9 serial, serial-wired 8-pin RJ | RJ-45 |
Advantages | Allows centralized management | Not affected by events on data network; shows boot sequence | Not affected by events on data network; allows centralized management; allows improved security |
Disadvantages | Can be affected by events on data network; does not show boot sequence | Requires direct connection to console port (can be done via a networked terminal server) | Does not show boot sequence |
In a typical data center installation, top-of-rack switches connect servers to the data network, while the management ports of those switches connect to a physically and logically separate management network. This allows network administrators to manage the switches even if operation on the data network is disrupted.
In the figure "Network OOBM in a data center", the switches face the hot aisle of the data center, allowing easy connection to the network ports on the backs of the servers.
For even more control, the serial console ports of the switches can be connected to the management network through a serial console server (essentially, a networked serial switch), allowing the network administrators to view the CLI activity of each switch at boot time and to control the switches through the console ports (as well as through the management ports).
The table below shows the switch applications that are supported on the OOBM interface as well as on the data interfaces. In this list, some applications are client-only, some are server-only, and some are both.
Application | Inbound OOBM (server) | Outbound OOBM (client) | Inbound data plane (server) | Outbound data plane (client) |
---|---|---|---|---|
Telnet | yes | yes | yes | yes |
SSH | yes | [N/A] | yes | [N/A] |
SNMP | yes | yes[*] | yes | yes |
TFTP | yes | yes | yes | yes |
HTTP | yes | [N/A] | yes | [N/A] |
SNTP | [N/A] | yes | [N/A] | yes |
TIMEP | [N/A] | yes | [N/A] | yes |
RADIUS | [N/A] | yes | [N/A] | yes |
TACACS | [N/A] | yes | [N/A] | yes |
DNS[**] | [N/A] | yes | [N/A] | yes |
Syslog | [N/A] | yes | [N/A] | yes |
Ping | yes[***] | yes | yes[***] | yes |
Traceroute | yes[***] | yes | yes[***] | yes |
[N/A] N/A = not applicable.
[*] SNMP client refers to SNMP traps, which originate from the switch.
[**] DNS has a limit of two servers, primary and secondary. Either can be configured to use the OOBM interface.
[***] Ping and Traceroute do not have explicit servers; ping and traceroute responses are sent by the host stack.
For applications that have servers, oobm, data, and both options have been added to the listen mode, and a listen keyword in the corresponding CLI commands selects among them. The default value is both for all servers. Because the default is both, a switch that is meant to accept management connections only on the OOBM port must have each server's listen mode explicitly set to oobm; otherwise the server also answers on the data ports.
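As an added example (not part of this documentation and not HP code), the following Python script audits a switch configuration for management servers that are still reachable from the data plane and prints the listen commands that would confine them to the OOBM port. The configuration text is constructed for illustration, and both the `<server> listen <oobm|data|both>` command form and the `no <server>` form used to detect a disabled server are assumptions based on the ProCurve OOBM CLI; check them against the switch's own `show running-config` output before relying on the patterns.

```python
import re

# Servers that accept a listen keyword: the server-side rows of the OOBM
# application table (Telnet, SSH, HTTP, SNMP, TFTP).
MANAGEMENT_SERVERS = ("telnet-server", "ip ssh", "web-management", "snmp-server", "tftp server")

# Per the documentation, a server with no explicit listen line listens on both planes.
DEFAULT_LISTEN = "both"

_SERVER_ALT = "|".join(re.escape(s) for s in MANAGEMENT_SERVERS)
# "<server> listen <oobm|data|both>"  (assumed command form; verify on the switch)
LISTEN_RE = re.compile(rf"^(?P<server>{_SERVER_ALT})\s+listen\s+(?P<mode>oobm|data|both)$")
# "no <server>" disables the server entirely  (assumed command form; verify on the switch)
DISABLED_RE = re.compile(rf"^no\s+(?P<server>{_SERVER_ALT})$")

# Constructed sample of `show running-config` output; not captured from a real switch.
SAMPLE_CONFIG = """\
hostname "tor-switch-01"
oobm
   ip address 10.255.0.11 255.255.255.0
   exit
no telnet-server
ip ssh
ip ssh listen oobm
web-management ssl
web-management listen data
snmp-server listen oobm
tftp server
"""


def parse_listen_modes(config):
    """Map each management server to 'oobm', 'data', 'both', or 'disabled'."""
    modes = {server: DEFAULT_LISTEN for server in MANAGEMENT_SERVERS}
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse indentation and repeated spaces
        m = DISABLED_RE.match(line)
        if m:
            modes[m.group("server")] = "disabled"
            continue
        m = LISTEN_RE.match(line)
        if m and modes[m.group("server")] != "disabled":
            modes[m.group("server")] = m.group("mode")
    return modes


def find_data_plane_listeners(config):
    """Servers that accept connections arriving on data ports ('data' or 'both')."""
    return sorted((s, m) for s, m in parse_listen_modes(config).items() if m in ("data", "both"))


def remediation(config):
    """CLI lines that would confine every flagged server to the OOBM port."""
    return [f"{server} listen oobm" for server, _ in find_data_plane_listeners(config)]


if __name__ == "__main__":
    for server, mode in find_data_plane_listeners(SAMPLE_CONFIG):
        print(f"{server}: listen {mode} (reachable from data plane)")
    print("\nremediation:")
    print("\n".join(remediation(SAMPLE_CONFIG)))
```

Run against the constructed config, the audit flags the TFTP server (no listen line, so it falls back to the documented default of both) and the web server (listen data), and leaves SSH and SNMP alone. Two caveats when using a check like this: the listen keyword only governs the server side, so client traffic such as RADIUS, TACACS, syslog and SNMP traps must be pinned to the OOBM interface per application as the outbound columns of the table indicate; and confining servers to the OOBM port only helps if the management network itself is physically and logically isolated from the data network.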