One of the best practices for managing your production network devices is to have both in-band and out-of-band management in place. In-band management involves managing devices through common protocols such as telnet or SSH, using the network itself as the medium. It is a common approach that provides identity-based access controls for better security. When doing so, it is also good practice to segregate your management traffic from your production customer traffic. If your network is congested by real user traffic, for example, you will at least be able to log in to your devices without a problem to address the issue. A good design for this is to create a management VLAN with all devices connected to it. This management VLAN should also be used for other management activities such as device monitoring, system logging and SNMP.
When your network is down or severely degraded, however, in-band management could be of little help, and you, as an administrator, might have no other choice but to make a trip to your data center, unless an out-of-band network has previously been set up. Some folks tend to think there is no point in having both in-band and out-of-band management implemented; however, these two different approaches complement each other.
A typical out-of-band solution is to have an access server that is connected to the management port of each controlled device. An access server could have a public IP with an access list applied to allow only specific source IP addresses, for example. A modem or DSL line could also be used to dial in to the access server when its LAN/WAN is not available. There are a lot of options out there for your access server, such as the Cisco 2511, SecureLinx SLC8/16/32/48, Avocent Cyclades server and others, so you can pick whichever one you feel more confident about. Remember, your access switch will be used in the heat of a network outage. If there is one thing to get right, it is the access switch configuration and correct port names. It is also suggested to frequently check access to the server and make sure all links to your managed devices are operational.
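One way to keep the source-IP restriction and the port names honest between outages is to audit a saved copy of the access server configuration. The script below is an added example, not part of the original article: it assumes a Cisco IOS style config in which console ports are named with `ip host` entries on reverse-telnet TCP port 2000 plus the line number. The config text, device names, addresses and inventory are constructed for illustration.

```python
# Constructed sample in Cisco IOS syntax (not taken from a real device).
SAMPLE_CONFIG = """\
ip host core-rtr1 2001 10.255.0.1
ip host dist-sw1 2002 10.255.0.1
access-list 10 permit 203.0.113.10
access-list 20 permit any
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 20 in
"""
EXPECTED_PORTS = {1: "core-rtr1", 2: "edge-fw1", 3: "dist-sw2"}  # hypothetical inventory

def parse(config):
    """Return (port names by async line, ACL entries by number, vty blocks)."""
    hosts, acls, vty, current = {}, {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if raw.startswith("line vty "):
            current = vty.setdefault(raw.strip(), [])
            continue
        if raw.startswith(" ") and current is not None:
            current.append(raw.strip())  # subcommand of the current vty block
            continue
        current = None
        if raw.startswith("ip host ") and len(words) >= 5 and words[3].isdigit():
            hosts[int(words[3]) - 2000] = words[2]  # assumed: port 2000+n is line n
        elif raw.startswith("access-list ") and len(words) >= 3:
            acls.setdefault(words[1], []).append(" ".join(words[2:]))
    return hosts, acls, vty

def audit(config, expected_ports):
    """List vty blocks open to any source and port names that differ from inventory."""
    hosts, acls, vty = parse(config)
    findings = []
    for header, cmds in vty.items():
        acl = next((c.split()[1] for c in cmds if c.startswith("access-class ") and c.endswith(" in")), None)
        if acl is None:
            findings.append(f"{header}: no inbound access-class")
        elif not acls.get(acl):
            findings.append(f"{header}: access-list {acl} is not defined")
        elif any(e.startswith("permit any") for e in acls[acl]):
            findings.append(f"{header}: access-list {acl} permits any source")
    findings += [f"line {n}: named {hosts.get(n)!r}, inventory says {d!r}"
                 for n, d in sorted(expected_ports.items()) if hosts.get(n) != d]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, EXPECTED_PORTS)))
```

Run against the sample, it flags the vty block that any source can reach and the two ports whose names do not match the cabling inventory.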