I want to configure our CSS for management access from multiple subnets. The problem I am having is that I have read that a maximum of 8 static routes are allowed to be configured on the Ethernet management port of the CSS... and I have 11 subnets which require management access. My thought is that I could do one of the following...
1.) Combine some of my subnet ranges into a supernet range and enter this supernet as a single static route... thus reducing 4 route statements into 1.
2.) Configure a default route and let the firewall in front of the CSS Ethernet management port permit/deny the appropriate subnet access.
However, I already have a default static route configured as an ip route on the CSS... would this cause a conflict?
Also, if I did configure a default route on the CSS Ethernet management port, would traffic entering into the CSS Ethernet interfaces be susceptible to routing by the static routes configured under the Ethernet management port?
Remember that a default gateway is different than a default route. When you use the 0.0.0.0 option on the boot mode of the CSS, you are disabling the default gateway for the management port, but it doesn't enable a default route.
Before answering you for the first time, I tried issuing a default route for the management port and the CSS gave me an error message letting me know that a default route is not allowed for the management port.
I still consider that your best option here is doing a summary route, as you were talking about. Thanks!
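The summary-route option discussed in this thread, sketched as an added example (not part of the original posts, and not CSS CLI). It collapses a subnet list to at most 8 routes and lists any address blocks a summary covers that nobody asked for, since those are the ranges the upstream firewall still has to deny. The subnets and the function names `span`, `gaps` and `summarise` are constructed for illustration.

```python
import ipaddress
from itertools import combinations

MAX_ROUTES = 8  # management-port static route limit quoted in the question

# Constructed sample: 11 management subnets (not from the original thread).
SUBNETS = ["10.10.0.0/24", "10.10.1.0/24", "10.20.4.0/24", "10.20.6.0/24",
           "10.30.8.0/24", "10.30.9.0/24", "10.40.0.0/24", "172.16.1.0/24",
           "172.16.40.0/24", "192.168.50.0/24", "192.168.60.0/24"]


def span(a, b):
    """Smallest single network containing both a and b."""
    net = a if a.prefixlen <= b.prefixlen else b
    while not (a.subnet_of(net) and b.subnet_of(net)):
        net = net.supernet()
    return net


def gaps(route, wanted):
    """Blocks inside route that no requested subnet covers."""
    free = [route]
    for w in wanted:
        nxt = []
        for f in free:
            if w.subnet_of(f):
                nxt.extend(f.address_exclude(w))  # carve w out of f
            elif not f.subnet_of(w):
                nxt.append(f)
        free = nxt
    return sorted(free)


def summarise(subnets, max_routes=MAX_ROUTES):
    """Return {route: unrequested blocks it also covers}, len <= max_routes."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    wanted = list(ipaddress.collapse_addresses(nets))  # exact merges only
    routes = list(wanted)
    cost = lambda p: sum(g.num_addresses for g in gaps(span(*p), wanted))
    while len(routes) > max_routes:
        # Merge the pair whose summary admits the fewest unrequested addresses.
        merged = span(*min(combinations(routes, 2), key=cost))
        routes = [r for r in routes if not r.subnet_of(merged)] + [merged]
    return {r: gaps(r, wanted) for r in sorted(routes)}


if __name__ == "__main__":
    for route, extra in summarise(SUBNETS).items():
        note = ", ".join(map(str, extra)) or "none"
        print(f"{route}  also covers (filter upstream): {note}")
```

Adjacent subnets merge without widening access; only the non-adjacent pair forces a summary that also covers two unrequested /24s, which is the trade-off to weigh before entering a supernet as a single route.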