Information
The Out-of-Band Management (OoBM) port, enabled by default, is intended to provide a means to access and manage the switch from a network segregated from production traffic. Only stations on the segregated management network can gain management access to the switch; this sharply limits the universe of devices that may attempt unauthorized access.
Switch management services can be configured to use the OoBM port rather than switch data ports. Traffic cannot be routed between the OoBM port and data ports, and the OoBM port can be assigned a dedicated gateway address. In a switch stack (backplane or VSF), a single global OoBM IP address can be assigned for the entire stack, in addition to addresses for each individual stack member.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
This example sets a global OoBM IP address on a three-switch stack, as well as individual static addresses for each of the three members:
switch(config)# oobm
switch(oobm)# ip address 10.1.0.5/24
switch(oobm)# ip default-gateway 10.1.0.1
switch(oobm)# member 1
switch(oobm member-1)# ip address 10.1.0.6/24
switch(oobm member-1)# ip default-gateway 10.1.0.1
switch(oobm member-1)# member 2
switch(oobm member-2)# ip address 10.1.0.7/24
switch(oobm member-2)# ip default-gateway 10.1.0.1
switch(oobm member-2)# member 3
switch(oobm member-3)# ip address 10.1.0.8/24
switch(oobm member-3)# ip default-gateway 10.1.0.1
To use DHCP on a standalone switch:
switch(config)# oobm
switch(oobm)# ip address dhcp-bootp
There are a couple of useful show commands that can be used to monitor the status of OoBM ports:
switch# show oobm
Global OOBM Configuration
OOBM Enabled : Yes
VSF Member 1
OOBM Port Type : 100/1000T
OOBM Interface Status : Up
OOBM Port : Enabled
OOBM Port Speed : Auto
MAC Address : 00005E-005301
VSF Member 2
OOBM Port Type : 100/1000T
OOBM Interface Status : Up
OOBM Port : Enabled
OOBM Port Speed : Auto
MAC Address : 00005E-005302
switch# show oobm ip
IPv4 Status : Enabled
IPv4 Default Gateway : 10.1.0.1
| Address Interface
VSF-member | IP Config IP Address/Prefix Length Status Status
---------- + --------- ------------------------- -------- ---------
Global | manual 10.1.0.5/24 Active Up
1 | manual 10.1.0.6/24 Active Up
2 | manual 10.1.0.7/24 Active Up