By far, SNMP (the Simple Network Management Protocol) network management is the industry choice for managing wide area and local area networks. It is easy to use (hence its name), available from numerous vendors, inexpensive, and built into most networking devices. These features make it irresistible when a new network is being designed. But one of SNMPs greatest strengths, its use of in-band management, is also its greatest weakness.

SNMP management information travels the same network path as your data. It uses the same WAN and LAN routers, hubs, communications links, and DSU/CSUs. And there lies the problem. While the network is operating normally (or hovering near the normalcy), SNMP packets flow between the managed devices and the management workstation or Remote Monitor (RMON) with no problem. Its TRAPs, SETs, and GETs all flow with the same priority as regular traffic on the LAN/WAN and provide management information to the workstation or commands to the controlled devices. BUT, when the network goes down or is severely disrupted, SNMP traffic has no way to get between the managed device and the management workstation. Telnet is usually used in conjunction with an SNMP workstation. Telnet packets are also unable to move between the management workstation and managed devices during those network disruptions.

Whats the solution? Out-of-Band network management. With out-of-band management, a second path is available to the managed devices that does not depend on the LAN/WAN. It usually consists of an RS-232 access switch connected to the management port of each controlled device. For remote access, connect a modem and dial-in telephone line. This provides a direct route to the management port of each device that can be used for reconfiguration, troubleshooting, and rebooting. This route is not dependent upon telnet or SNMP packets moving through the LAN/WAN system. Every network device that supports SNMP also contains a RS-232 management port. Although it doesnt provide the fancy GUI interface of most SNMP workstations, this method provides the native interface for each device being controlled. For example, a Cisco router presents its IOS console prompt; a Netware server has its Rconsole colon prompt available. The access switch is transparent when connected to any device.

Do the two methods (in-band SNMP and Out-of-Band) compete with each other? Of course not, they compliment each other. System cost increases only slightly when adding out-of-band management; functionality increases an order of magnitude. Use the SNMP GUI where it fits best... for normal network monitoring and metrics, alarm reports, and data reduction. Then, when problems surface, run terminal emulation on the workstation and connect to the remote access switch for direct control of remote equipment. Since there is direct access to the management port, troubleshooting doesnt have the added complexity of a network being between the device and the technician. And when the network is down, the same connectivity is still there... a direct pipe between the technician and the device causing the problems.

How does terminal server access compare? Most devices can be connected to the network through a terminal server and their management port. Is that the same as an access switch device? NO! The terminal server places the data path in-band. If your LAN/WAN goes down, there is no path to the managed device. The key is that an access switch provides an independent, out-of-band path to the controlled devices.

Is SNMP management still needed with an access switch? When managing a mid-size to large network, SNMP cant be beat for the day-to-day management functions and metrics. It provides management reports concerning the state of the network and helps in planning growth paths. SNMP is also great for alarming faults. So, it should be used in conjunction with a good out-of- band access method.

How to choose an Access Switch

All access switch products aren't equal. When selecting an access switch, you should recognize that you will sometimes use it in the heat of a network outage. Ease of use is a paramount issue. You should require english-like, intuitive commands and user-named ports to make it fast and easy to use a device you may not have visited for several months. It's even better if the switch is self-documenting as are all DCB switches. Password security is necessary for all dial-in lines. If you expect to have on-site technicians, multiple controlling (input) ports are required. Otherwise, there's re-wiring at each technician visit for local control. (Hard to believe, but it's true that most access switch manufacturers only provide one controlling (input) port). You may want additional input-lines to connect to terminal server ports or multiplexer ports. This trick allows you to use the access switch through an in-band path when the network is operating normally. Other common issues such as economy, scaleability, and additional features are also important. The ability to switch AC power is a feature that may obsolete on-site visits for power-cycling or rebooting equipment. All the features discussed above are available on DCB switches.

