ACE Best Practices

relsethagen
Level 1

I am implementing a failover pair of ACE appliances, and am looking for some validation of my design thoughts. I would like to utilize a physical interface and a back-to-back cable on each ACE for the FT VLAN; is this recommended? I am planning a two-port EtherChannel dot1q trunk to carry my client- and server-side VLAN traffic from the LAN switch to the ACE; is this the recommended practice? I am planning to assign a management IP address to the Admin context on my management VLAN. In my first user context, I am planning a one-arm deployment. The design guides mention assigning a management VLAN IP address to each user context; does this make sense? It's my understanding that all interfaces on the ACE are inband, so if I create a second management VLAN interface, don't I have to worry about my routing configuration to prevent asymmetric routing for management traffic? Is it good practice to allow management on the one-arm VLAN IP address?

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee

Your FT setup is what we recommend.

Dedicated link for FT.

We mentioned a management IP per context because usually each context represents a different group or company.

These persons may require access to the context only to manage their own config.

The Admin context controls the entire box, so you may want to have stronger restrictions there.

One-armed is usually the easiest to implement but not really the best.

It requires specific control of the traffic to avoid asymmetric routing.

Gilles.

2 Replies

Thank you for your prompt response. I have specific requirements that necessitate that I use one-armed mode. What I am having a hard time understanding is the value of the management interface. My default route will have to be out toward my one-arm VLAN, so my routing toward the management VLAN will then be asymmetric. Will this be a problem? If it is a problem, is there any reason why I can't manage this context via the one-arm VLAN IP address?