[c-nsp] ASR 1000 series again: Netflow export

Benny Amorsen benny+usenet at amorsen.dk
Fri May 15 04:23:09 EDT 2009


"Elmar K. Bins" <elmi at 4ever.de> writes:

> This forces everyone with out-of-band management and monitoring
> equipment to sacrifice one of the "power ports" for management
> and again run ACL based security there. Just like in the olden
> days...

It allows the rest of us to get rid of the terminal servers and the
managed power bars. Assuming you can power cycle a failed router through
the management ports, of course. The port should be sufficiently
isolated that there is no risk of an intrusion providing the attacker
access to the management network, even if the attacker can run arbitrary
code on the router. Again, just like a serial port.

It's about time the router vendors give us the remote management
capabilities that server vendors have provided for years or decades.


/Benny



More information about the cisco-nsp mailing list