Backup CSS11503 Ether-Mgmt Interface access

Answered Question
May 15th, 2007

I have box-to-box redundancy and I would like to access the ethernet-management interface on the backup CSS. The interface is configured and I have also performed commit_redundancy between the CSSs, but I cannot access the B/U CSS. Is the link not accessible because it is backup?

thanks

danmuril Tue, 05/15/2007 - 15:20

Hello,


The management port on the CSS is 10 Half Duplex; please make sure you are connecting to it with the proper settings.


Also keep in mind that in order to apply changes to the management port you need to reboot the device. The interface should be accessible even if the box is backup.


I hope this helps.

thumpercisco Thu, 05/17/2007 - 11:23

I can connect to the Backup CSS11503 through the Ether-mgmt interface to the Username prompt after setting ip management route.


Now I cannot authenticate and I'm using Telnet.


Is there another setting?

danmuril Fri, 05/18/2007 - 08:28

Are you using any kind of authentication scheme like TACACS? or are you using the local authentication database of the CSS?

salmodov Sat, 05/19/2007 - 11:39

I have the same configuration and have been able to login to the backup css. I don't think it is possible but if you get a way to do so please let me know as well.


Steve

thumpercisco Mon, 05/21/2007 - 02:45

I'm using TACACS, and the interface to the upstream router on interface 1/1 is down because it is backup. I assume you would need a local account for logon, which my company does not allow.

I have the next hop on the Ether-mgmt interface set for that subnet next hop router and unless TACACS can be used for authentication I cannot logon.

I keep my configs updated using commit-redun so I know if the master goes down the backup has a working config.


Thanks

Correct Answer
danmuril Mon, 05/21/2007 - 09:14

Hi,


The solution in this case will be to isolate the way you get to the management port or to use the command virtual authentication secondary local in case TACACS is not available.


Also there is another thing you might want to take into account and it is that TACACS routed through the management port is currently not supported according to:


http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/getstart/setup.htm#wp1160987

thumpercisco Mon, 05/21/2007 - 09:46

Thank you for the information. I use virtual authentication TACACS, but local is not allowed for security reasons.

The last comment is contrary in regards to my Master box: I can login/authenticate to the Ether-mgmt using TACACS or the 1/1 interface with TACACS, two different IPs and VLANs.


Thanks
