Unanswered Question
Jan 12th, 2010
User Badges:
  • Red, 2250 points or more

Hi All

Just a quick one.

I have a CSS 11501 (7.50) and have configured an IP address for the management Interface. This is now reachable from local subnet, but not from WAN. Apart from the gateway given in the boot statement, do we need to specifically give a route towards management interface for us to manage the CSS from WAN ?

for example, I have:

(config-boot)# ip address


Wouldnt the default gateway here, take care of the reachability from WAN (no reachability in my case). I see the documentation says we need to add another static route through the mgmt interface such as:

(config)# ip management route

, for us to do SNMP, telnet, SSH from WAN ? Is it possible to add on ip management command or could we just add static networks onto it? Will it affect default routing functionality of production VIP/interfaces in anyway?




Unfortunately I dont have a box to test the configs, and had to implement this on production..



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinraja Mon, 01/25/2010 - 07:22
User Badges:
  • Red, 2250 points or more

Yes Guiseppe.  I did. but no response..

ANyways I made this work without any issues. Added specific subnets for managemnet subnets towards the MGMT interface and it worked good..


Giuseppe Larosa Mon, 01/25/2010 - 12:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Raj,

>> Added specific subnets for managemnet subnets towards the MGMT interface and it worked good..

This makes sense looking at the link you had attached.

I felt an impulse to try to empty the pipe ....:)

that is to try to give an answer

Hope to help


sachinraja Mon, 01/25/2010 - 12:19
User Badges:
  • Red, 2250 points or more

Thanks Guiseppe..

It is a little funny to define static routes, even after defining the default gateway on the MGMT interface ! CSS team probably  need to fix this ! I was always comparing CSS with something like a router, which has common routing table for all interfaces, which would make things tough for me to add this route ! but it turned out that CSS was behaving more like the ASA/PIX firewalls , in terms of routing.. So, the routes given in the MGMT interface did not overlap with the routes given on production interfaces ! Though it was documented, i had my own doubts , since there were highly critical servers (as always) which sits behind the CSS, and its still a blackbox for me :)

Thanks again



This Discussion