Detections
Analytics

Out-of-Band Management port

Information

The Out-of-Band Management (OoBM) port, enabled by default, is intended to provide a means to access and manage the switch from a network segregated from production traffic. Only stations on the segregated management network can gain management access to the switch; this sharply limits the universe of devices that may attempt unauthorized access.

 Switch management services can be configured to use the OoBM port rather than switch data ports. Traffic cannot be routed between the OoBM port and data ports, and the OoBM port can be assigned a dedicated gateway address. In a switch stack (backplane or VSF), a single global OoBM IP address can be assigned for the entire stack, in addition to addresses for each individual stack member.

 NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

This example sets a global OoBM IP address on a three-switch stack, as well as individual static addresses for each of the three members:

 switch(config)# oobm
 switch(oobm)# ip address 10.1.0.5/24
 switch(oobm)# ip default-gateway 10.1.0.1
 switch(oobm)# member 1
 switch(oobm member-1)# ip address 10.1.0.6/24
 switch(oobm member-1)# ip default-gateway 10.1.0.1
 switch(oobm member-1)# member 2
 switch(oobm member-2)# ip address 10.1.0.7/24
 switch(oobm member-2)# ip default-gateway 10.1.0.1
 switch(oobm member-2)# member 3
 switch(oobm member-3)# ip address 10.1.0.8/24
 switch(oobm member-3)# ip default-gateway 10.1.0.1

 To use DHCP on a standalone switch:
 switch(config)# oobm
 switch(oobm)# ip address dhcp-bootp

 There are a couple of useful show commands that can be used to monitor the status of OoBM ports:

 switch# show oobm
 Global OOBM Configuration
 OOBM Enabled : Yes
 VSF Member 1
 OOBM Port Type : 100/1000T
 OOBM Interface Status : Up
 OOBM Port : Enabled
 OOBM Port Speed : Auto
 MAC Address : 00005E-005301

 VSF Member 2
 OOBM Port Type : 100/1000T
 OOBM Interface Status : Up
 OOBM Port : Enabled
 OOBM Port Speed : Auto
 MAC Address : 00005E-005302

 switch# show oobm ip
 IPv4 Status : Enabled
 IPv4 Default Gateway : 10.1.0.1
 | Address Interface
 VSF-member | IP Config IP Address/Prefix Length Status Status
 ---------- + --------- ------------------------- -------- ---------
 Global | manual 10.1.0.5/24 Active Up
 1 | manual 10.1.0.6/24 Active Up
 2 | manual 10.1.0.7/24 Active Up

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(13)

Plugin: ArubaOS

Control ID: ed51f2cfcbf4f565cb2b801466a95d1d7cb11b3a16dbe5b72f99ee7d204253a7