Console Servers & Cellular Providers

David Hubbard dhubbard at dino.hostasaurus.com
Wed Feb 7 18:29:00 UTC 2018


We get static IP's to facilitate monitoring that the OOB remains online (easier to hit a non-changing IP than getting false positives for outage between an IP change and DDnS or whatever other type of update needs to happen), and it also makes IPSec VPN easy if your roving sysadmins know what IP to VPN into for a given site, when DNS may or may not be working.


On 2/7/18, 12:49 PM, "NANOG on behalf of Chris Marget" <nanog-bounces at nanog.org on behalf of chris at marget.com> wrote:

    Lots of references to static IPs from cellular providers for OoB access in
    this thread. Why? It seems like a dial-home scheme is an obvious solution
    here, whether it's Opengear's Lighthouse product, openvpn, or whatever...
    
    Do you all have a security directive that demands whitelisted IP addresses?
    
    I've got a handful of OoB systems that dial home via cellular, but only
    after they've been poked by SMS. Opengear's auto-response facilitates that,
    and I've done it with EEM (to start DMVPN) on Cisco ISRs.
    
    The main headache I've run into is that it's tough to get a SIM card from
    ATT that does data and SMS: ATT's M2M plans don't allow SMS, and moving the
    SIM from an iPhone to "a computer" causes the SMS capability to vanish. My
    ATT OoB boxes (used only where Verizon is reported to not work) are online
    all the time.
    



More information about the NANOG mailing list