I second that approach. We use it for our builds whenever possible. You really do want your OOB mgmt solution to be as isolated as possible from failures on the production side of things. We usually build a mgmt silo to accommodate out-of-band connectivity, with one or more fixed-configuration switches depending on site size and budget, a firewall and an ISR router. A separate circuit for remote connectivity as well, with failover to IPSec/DMVPN. It's obviously more expensive but it sure goes a long way in reducing visits to customer sites.
iLO ports used to be simpler: 1 iLO port connected to one mgmt switch port. With blade chassis and the move there to reduce cabling, blades can now share one physical iLO port on their chassis/enclosure. However, that still doesn't change mgmt connectivity, as you still would want to have this single physical connection on a mgmt switch.

Vijay Ramcharan

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Roland Dobbins
Sent: April 09, 2009 09:13
To: Cisco-nsp
Subject: Re: [c-nsp] best way to network servers with management (iLO/IPMI)

On Apr 9, 2009, at 8:42 PM, Drew Weaver wrote:

> Ideally, I would like to be able to assign the management device a
> RFC 1918 IP, have the actual server be on a different subnet
> altogether but use a shared port.

This isn't a good idea because of fate-sharing - you want your OOB management network to be isolated and bulletproof, and totally unaffected by any problems on the production side. You should use separate NICs, with separate cables, plugged into a separate physical network (unless you're using N7K switches with VDCs, in which case you can safely run the management network on a separate VDC on the same hardware, given the control- and management-plane isolation).

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@cisco.com> // +852.9133.2844 mobile

Our dreams are still big; it's just the future that got small.

   -- Jason Scott

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/