Management traffic to the ACE

NAVIN PARWAL
Level 2

Do I need to explicitly define management traffic coming to the ACE module? I see in a lot of configurations that they allow management traffic in a special class to the ACE.

Also, is it necessary to apply an access-list to the ACE module to accept traffic for the VIP? What if I do not use any access-list on the ACE, will the traffic go through?

1 Reply

Eric Rose
Cisco Employee

Yes, you need to define allowed traffic to the ACE. The ACE acts as an implicit deny. It will block everything until you allow it. The first policy/class match that you should define is the management traffic class.

access-list ALL line 8 extended permit ip any any

class-map type management match-any remote_access
  2 match protocol xml-https any
  4 match protocol icmp any
  5 match protocol telnet any
  6 match protocol ssh any
  7 match protocol http any
  8 match protocol https any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

interface vlan 121
  ip address
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
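
The two points in the reply (nothing passes an interface without an explicit permit, and management access needs its own class and policy) can be checked mechanically over a saved configuration. The Python below is an added example, not part of the original post and not Cisco tooling; the `audit` and `permitted` functions, the sample configuration and the choice to flag telnet and http as cleartext are assumptions made here, and only interface-level `service-policy` lines are considered.

```python
import re

# Constructed sample in the shape of the configuration above.
SAMPLE = """\
class-map type management match-any remote_access
  5 match protocol telnet any
  6 match protocol ssh any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 121
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
interface vlan 122
  no shutdown
"""
CLEARTEXT = {"telnet", "http"}  # assumption: protocols treated as unencrypted
TOP = {"access-list", "class-map", "policy-map", "interface"}  # start a new section

def permitted(policy_lines):
    """Names of classes that a management policy-map permits."""
    return [policy_lines[i - 1].split()[1] for i, l in enumerate(policy_lines)
            if l == "permit" and i and policy_lines[i - 1].startswith("class ")]

def audit(config):
    """Return (vlan, finding) pairs; only interface-level policies are checked."""
    classes, policies, ifaces, section = {}, {}, {}, None
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := re.match(r"(class|policy)-map type management \S+ (\S+)", line):
            section = (classes if m.group(1) == "class" else policies).setdefault(m.group(2), [])
        elif m := re.match(r"interface vlan (\d+)", line):
            section = ifaces.setdefault(m.group(1), [])
        elif line.split()[0] in TOP:
            section = None  # a section type this audit ignores
        elif section is not None:
            section.append(line)
    findings = []
    for vlan, lines in ifaces.items():
        if not any(l.startswith("access-group input") for l in lines):
            findings.append((vlan, "no input access-group: implicit deny blocks traffic"))
        pols = [l.split()[2] for l in lines
                if l.startswith("service-policy input") and l.split()[2] in policies]
        if not pols:
            findings.append((vlan, "no management policy: management traffic blocked"))
        for cls in (c for p in pols for c in permitted(policies[p])):
            for l in classes.get(cls, []):
                if (m := re.match(r"(?:\d+ )?match protocol (\S+) any$", l)) and m.group(1) in CLEARTEXT:
                    findings.append((vlan, f"{m.group(1)} permitted from any source"))
    return findings
```

Calling `audit(SAMPLE)` reports the telnet match on vlan 121 and both missing bindings on vlan 122.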