> I see two ways one can go about this. Either programmatically tunnel into > an OOB L2 segment via a "bastion" host in an on-demand fashion, or point > some routes (dynamically, or otherwise) into your internal network for > management use. > > The risk of pointing routes into your internal network, IMO, is that > very-specific ACLs for management access can begin to have a blurred > distinction. RFC-1918 space can overlap, and public IPs within an internal > network can sometimes overlap with an active transit path. > > Why not just use a normal port/vlan, plug it where you would've plug fxp0 to, and than put it to a vrf/whatever? _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
- [j-nsp] out of band management - real OOB Chris Evans
- Re: [j-nsp] out of band management - real OOB Herro91
- Re: [j-nsp] out of band management - real OOB Darren Bolding
- Re: [j-nsp] out of band management - real OO... Jonathan Lassoff
- Re: [j-nsp] out of band management - real OOB Andrew Parnell
- Re: [j-nsp] out of band management - real OOB Pavel Lunin
- Re: [j-nsp] out of band management - real OOB Pavel Lunin
- Re: [j-nsp] out of band management - real OOB Jonathan Lassoff
- Re: [j-nsp] out of band management - real OO... Pavel Lunin
- Re: [j-nsp] out of band management - rea... Jonathan Lassoff
- Re: [j-nsp] out of band management - real OO... Chris Morrow
- Re: [j-nsp] out of band management - rea... Jonathan Lassoff
- Re: [j-nsp] out of band management ... Pavel Lunin
- Re: [j-nsp] out of band management - rea... Joel jaeggli
- Re: [j-nsp] out of band management ... Chris Evans
- Re: [j-nsp] out of band management - real OO... Joel jaeggli
- Re: [j-nsp] out of band management - real OOB DeathPacket