I agree with all of these points, and it's a pretty classic problem with managing devices that route.
The path I've gone down in most setups I've done is to simplify. I place all devices within a site within an "out of band" LAN/broadcast domain, and set up one (or two, depending on HA requirements) management host(s) on that LAN with a connection to a DSL or analog modem. Then, I only use the management port with other directly-connected hosts and avoid the routing problem altogether. In the cases where constant connections need to be made (SNMP polling, configuration auditing, etc.), I've set up NAT or port forwarding rules in iptables or pf on the management host.

--j

_______________________________________________
juniper-nsp mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp


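The port-forwarding arrangement the post describes, as an added example that is not part of the original message: an iptables ruleset for the out-of-band management host that lets a single NMS poll SNMP on devices reachable only on the OOB LAN. The NMS address, interface names, listen ports and device addresses are all constructed placeholders; the script prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example (not from the original post): iptables port forwarding on the
# OOB management host so an NMS on the routed side can poll SNMP on devices
# that live only on the out-of-band LAN. All names and addresses are constructed.
NMS_IP="192.0.2.10"    # assumed SNMP poller on the routed network
MGMT_IN="eth0"         # assumed routed-side interface of the management host
OOB_IF="eth1"          # assumed interface on the out-of-band LAN

# "<UDP port the mgmt host listens on> <OOB device address>" pairs (constructed).
DEVICE_MAP="16101 10.255.0.1
16102 10.255.0.2"

# Print (not apply) the rules for one device. Echoing keeps the script safe to
# run anywhere; pipe the output to sh on the management host to apply it.
snmp_forward_rules() {
    port="$1"; dev="$2"
    # Polls from the NMS on the mapped port are rewritten to the device's SNMP port.
    echo "iptables -t nat -A PREROUTING -i $MGMT_IN -s $NMS_IP -p udp --dport $port -j DNAT --to-destination $dev:161"
    # Only the NMS may be forwarded onto the OOB LAN, and only to that device's SNMP port.
    echo "iptables -A FORWARD -i $MGMT_IN -o $OOB_IF -s $NMS_IP -d $dev -p udp --dport 161 -j ACCEPT"
    # Source-NAT so a device with no route back to the NMS still answers the
    # management host; conntrack then reverses both translations on the reply.
    echo "iptables -t nat -A POSTROUTING -o $OOB_IF -d $dev -p udp --dport 161 -j MASQUERADE"
}

# Full ruleset: enable forwarding, default-deny FORWARD, allow tracked replies,
# then the per-device DNAT/ACCEPT/MASQUERADE triple for each mapped device.
build_ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$DEVICE_MAP" | while read -r port dev; do
        if [ -n "$port" ]; then
            snmp_forward_rules "$port" "$dev"
        fi
    done
}

# Number of commands the ruleset would run (3 global + 3 per device).
rule_count() {
    build_ruleset | wc -l | tr -d ' '
}

build_ruleset
```

Review the printed commands, then run `sh script.sh | sh` on the management host once the interface names and addresses match the site.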