So I've got a bunch of Ciena 6200 kit in, with some of their professional services folks onsite, helping with the initial setup. I know nothing of this kit, other than from what I'm being told, it's pretty bleeding edge, so much so that not even many people at Ciena know how to use it.
The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface. This seems odd to me. What is more odd is that we have to buy a manual for it. There isn't an electronic version available, even.
I've created an account on their portal, so when that gets approved, I'll see what sort of documentation I can find, but off the top of anyone's head, does anyone know how to do this default gateway thing on the management interface? It's apparently been IP'd properly, so that much is working...
Thanks in advance. Sorry for the lack of content otherwise.
Me too, which is why I've got a call in to another company regarding their management LAN port that I can't configure with a default gateway either. At least not using the CLI.
Is this common and I just noticed it because it happened to me, or is this some collective engineering brain cramp that just took hold?
it's probably fair to point out that practically all optical vendors
don't actually understand 'ip' and 'routing' and 'systems management'
... try doing ntp with ONS boxes? got ntpv>1? then ... oops
never mind the situations where you install a 0/0 route on a
management interface/config and STILL have to /32 route particular
services out the same GW as 0/0 ... (not cisco, another busted
vendor)...
Everyone knows that attacks against your management interface come from devices not on your management network. By removing the default gateway feature, Ciena is improving the security of your network.
It's time we created a BCOP specifying that default gateway functionality be disabled or removed in all network deployments, in the interest of security. Security improvements realized in the last few years by dropping all ICMP and TCP DNS at firewall boundaries, not to mention universal deployment of NAT, were just the first few steps to creating a much more secure Internet.
Once disablement of default gateway functionality has been become a common practice, the natural reduction in traffic on the Internet should allow most operators to achieve enormous cost savings by powering off all of their equipment.
While my device is not a Ciena, it has the same issue - and I don't think I'm going to be getting attacks against my management interface on a 10.0.x.x network.
I want the option to decide for myself.
I'm not all that interested in setting up a management VLAN so this one device in my central office will be happy on it's "virtually flat" network.
The ALU 7750/7450, etc. routers have a separate routing
process/configuration for their OOB mgmt and as of the last time I looked
do not support a default gateway.
The ALU 7750/7450, etc. routers have a separate routing
process/configuration for their OOB mgmt and as of the last time I looked
do not support a default gateway.
Well you can set up multiple static routes. The only route you can't set it 0/0.
This will work, though I'd suggest only putting the management routes it needs
in it.
MINOR: SYSTEM #1505 Invalid static route destination prefix - cannot configure
default route on the management interface
So just for completeness - the box does support a default gateway and it was pretty simple to figure out once we were able to connect to it over the Web UI. The professional services tech who installed this stuff basically copied data off of a spreadsheet and didn't really have any notion of how the thing really worked so he didn't really have any answers.
honestly? this sounds like typical alu
some of their kit requires either proxy-arp from the default-gw (and
no support for default-gw, all of the 'internet' is out the management
ether... on that ether link) or 'can we run ospf with your router?'
what?? you put ospf processing/handling/debugging (ha!) but you can't
point 0/0 at that ip over -> there?? wtf
Most other vendors just put a serial console on the product at 9600n8 to do a
basic config (power, channel, etc).
Not ALU.
The radio sets up a PPP connection on the serial port and that connects to a
windows laptop (XP sp1 or older, win2k works best).
Now do you think they use IP for this? nope! ISO CLNS and ISIS to find the radio.
Only after these 5 things go right, may you fire up the java GUI that actually
talks to it. After about 10 min, it should be up and might talk to it.
Now on the odd chance it does not work (shocking, right?), you get to trouble
shoot it. Better break out the Italian to English dictionary, all the error
messages are in Italian.
Thankfully the IP routing development team does not have these issues. Most
possess a good amount of clue.
