
Advice on how to implement a 12port ICX7150

JD
New Contributor

Hello All,

We are currently working on a way to set up a sort of out-of-band management system in our small environment. Basically a mini PC will be connected to the 12port ICX7150 and the 12port will be connected to other Ruckus switches in our other sites. The end goal is that if/when a resource in one of the sites isn't responding we can simply get on the mini PC remotely and then get to the site with the 12port and its connection to that site's switch and subsequently its resources. The topology is akin to a hub and spoke, but instead of all devices being connected to one central device we want the 12port ICX7150 to connect to all the sites we have. The problem is I am unsure of how the configuration on the 12port would be and what configuration would be on the switches on our remote sites, as I don't want to cause any loops or broadcast storms. I was wondering how I may achieve this goal. I appreciate any help or any advice on the matter.

1 ACCEPTED SOLUTION

Mayank
RUCKUS Team Member

 

Hi JD,

Thank you for posting your requirement!

Let us understand your concern with a diagram first!

Mayank_1-1676624368279.png

If you are planning to have a mini PC, basically a jump server, installed in your infrastructure first, then it should be planned in the DMZ zone as mentioned in the above diagram.

The firewall should have appropriate policy configuration for this mini server so that only the management network should be accessible from there.

Take SSL VPN connectivity from the outside world on your firewall. Initiate an RDP session to your mini PC and start doing your stuff.

CONFIGURATION DETAILS ON DMZ SWITCH:

Design a free /30 subnet for connectivity between your firewall and the DMZ switch, and assign one IP on the firewall and the other on the DMZ switch.

Configure the management VLAN on the DMZ switch and assign the physical ports to the same VLAN.

From each of your infrastructure devices, take a physical cable and connect its OOB port to the DMZ switch.

Configure SSH on the switch and set the default gateway IP to the firewall interface IP.

Also assign an ACL rule for SSH access so that you can only access it via the mini PC.

CONFIGURATION ON FIREWALL:

Configure the policy from the free /30 subnet on the port connecting the DMZ switch.

Create a policy allowing the SSL VPN subnet / user to access the mini PC.

Create another policy to allow this mini PC to access the required subnet.

Note: The above diagram is just a reference diagram, not a complete one.
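
The firewall policy described in the accepted solution, modelled as an added example (not part of the original post and not RUCKUS or firewall-vendor code): it checks that VPN users can only RDP to the mini PC, that only the mini PC can SSH into the management network, and flags any rule that bypasses the jump server. All subnets and addresses are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan; every value below is an assumption.
TRANSIT = ip.ip_network("192.0.2.0/30")     # firewall <-> DMZ switch link
VPN = ip.ip_network("198.51.100.0/24")      # SSL VPN client pool
JUMP = ip.ip_network("10.98.0.10/32")       # mini PC (jump server) in the DMZ
MGMT = ip.ip_network("10.99.0.0/24")        # management VLAN (OOB ports)

# Firewall policy as (source, destination, TCP port); anything else is denied.
RULES = [
    (VPN, JUMP, 3389),   # SSL VPN users -> mini PC, RDP only
    (JUMP, MGMT, 22),    # mini PC -> management network, SSH only
]

def decide(src, dst, port, rules=RULES):
    """Return 'allow' if a rule matches the flow, otherwise the implicit 'deny'."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for src_net, dst_net, rule_port in rules:
        if s in src_net and d in dst_net and port == rule_port:
            return "allow"
    return "deny"

def transit_hosts(net=TRANSIT):
    """A /30 has exactly two usable addresses: one for each end of the link."""
    return [str(h) for h in net.hosts()]

def audit(rules=RULES):
    """List rules that let anything other than the jump server into MGMT."""
    return [f"{s} -> {d} tcp/{p}" for s, d, p in rules
            if d.overlaps(MGMT) and s != JUMP]

if __name__ == "__main__":
    print(transit_hosts())
    print(decide("198.51.100.7", "10.99.0.5", 22))   # VPN straight to MGMT
    print(audit(RULES + [(VPN, MGMT, 22)]))          # a rule that bypasses the jump server
```
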


8 REPLIES 8

JD
New Contributor

Hi,

Thank you I will definitely give those a try.

hemant_singh
New Contributor II

Thank you, Mayank, for sharing your knowledge. This is what I have been looking for for a couple of days.

dave_feasey
Community Manager

Thanks Chandini, Mayank and jdryan. Can you each email me if you receive the subscription notification to this post?

Thanks!