CSS - IP management routes

Answered Question
May 4th, 2007

Hello,

I want to configure our CSS for management access from multiple subnets. The problem I am having is that I have read that a maximum of 8 static routes are allowed to be configured on the Ethernet management port of the CSS... and I have 11 subnets which require management access. My thought is that I could do one of the following...

1.) Combine some of my subnet ranges into a supernet range and enter this supernet as a single static route... thus reducing 4 route statements into 1.

2.) Configure a default route and let the firewall in front of the CSS Ethernet management port permit/deny the appropriate subnet access.

However, I already have a default static route configured as an ip route on the CSS... would this cause a conflict?

Also, if I did configure a default route on the CSS Ethernet management port, would traffic entering into the CSS Ethernet interfaces be susceptible to routing by the static routes configured under the Ethernet management port?

Thanks!

-Adam

joquesada Sun, 05/06/2007 - 14:35

Hi Adam,

Unfortunately, a default management route is not allowed for the management port, so option 2 might not be feasible for your environment.

On the other hand, option 1 seems to be the best for you.

In regards to your last question, the traffic that goes through normal circuits is not susceptible to being routed via the management port as they are physically separated in the CSS' architecture.

I hope this helps. Thanks!

Regards,

Jose Quesada.

a.veschak Mon, 05/07/2007 - 15:50

Jose,

Thanks for the reply. Upon further reading on Cisco's website, it appears that configuring a default gateway IS possible on the CSS Ethernet Management Port...

Configuring a Default Gateway for the Ethernet Management Port

The Ethernet management port allows you to boot the CSS from the Offline DM menu when the boot image resides on a different subnet. Use the gateway address command to configure a default gateway for the Ethernet management port. This command is available in boot mode.

To specify a default gateway for the Ethernet management port for use in Offline DM, enter:

(config)# boot

(config-boot)# gateway address 172.16.57.2

To disable the default gateway and set it to an IP address of 0.0.0.0, use the no form of the gateway address command. For example:

(config-boot)# no gateway address

A default gateway of 0.0.0.0 for the Ethernet management port does not appear in the show boot-config command output for the CSS boot configuration.

Am I missing something? Is this configuration possible?

Thanks again!

-Adam

Correct Answer
joquesada Mon, 05/07/2007 - 21:53

Dear Adam,

Remember that a default gateway is different than a default route. When you use the 0.0.0.0 option on the boot mode of the CSS, you are disabling the default gateway for the management port, but it doesn't enable a default route.

Before answering you for the first time, I tried issuing a default route for the management port and the CSS gave me an error message letting me know that a default route is not allowed for the management port.

I still consider that your best option here is doing a summary route, as you were talking about. Thanks!

Regards,

Jose.
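
The summary-route approach recommended above, worked through as an added example (not part of the thread and not Cisco code): this Python sketch aggregates a constructed list of 11 IPv4 management subnets to fit the 8-route limit, never emits a 0.0.0.0/0 summary, and reports the address space a summary covers beyond the intended subnets so the firewall in front of the management port can still deny it. The function names and sample subnets are assumptions.

```python
import ipaddress

MAX_MGMT_ROUTES = 8  # management-port static route limit quoted in the question

# Constructed sample: 11 management subnets, four of them contiguous /24s
# that do NOT start on a /22 boundary.
MGMT_SUBNETS = [
    "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24", "10.10.4.0/24",
    "10.20.0.0/24", "10.30.0.0/24", "10.40.0.0/24", "172.16.57.0/24",
    "172.20.0.0/24", "192.168.10.0/24", "192.168.200.0/24",
]

def common_supernet(a, b):
    """Smallest prefix containing both networks."""
    while not b.subnet_of(a):
        a = a.supernet()
    return a

def uncovered(route, wanted):
    """Parts of `route` that are not one of the wanted subnets."""
    pieces = [route]
    for w in wanted:
        kept = []
        for p in pieces:
            if w == p:
                continue
            kept.extend(p.address_exclude(w) if w.subnet_of(p) else [p])
        pieces = kept
    return list(ipaddress.collapse_addresses(pieces))

def summarize(subnets, limit=MAX_MGMT_ROUTES):
    """Return (routes, unintended) with len(routes) <= limit."""
    wanted = list(ipaddress.collapse_addresses(map(ipaddress.ip_network, subnets)))
    routes = list(wanted)  # exact aggregation first, adds no extra space
    while len(routes) > limit:
        best = None  # (extra addresses, supernet) of the cheapest lossy merge
        for a, b in zip(routes, routes[1:]):  # collapse output is sorted
            sup = common_supernet(a, b)
            if sup.prefixlen == 0:
                continue  # default route: rejected on the management port
            extra = sup.num_addresses - sum(
                r.num_addresses for r in routes if r.subnet_of(sup))
            if best is None or extra < best[0]:
                best = (extra, sup)
        if best is None:
            raise ValueError("subnets do not fit without a default route")
        routes = list(ipaddress.collapse_addresses(routes + [best[1]]))
    return routes, [u for r in routes for u in uncovered(r, wanted)]
```

With the sample input the four contiguous /24s do not sit on a /22 boundary, so the result is 10.10.0.0/21 plus seven /24s, and 10.10.0.0/24, 10.10.5.0/24 and 10.10.6.0/23 become reachable through the summary without being management subnets.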
