Question in regard to management VLAN for each Context in ACE module

Answered Question
Feb 8th, 2010

Dear Pros,


I know this will be a simple question to answer, and I have searched the forum, but I am not able to find the answer I need.

1) Does the ACE module require a management IP address for each Context? Should the same VLAN be applied to each context, with a larger subnet to supply host addresses?

2) If it does require that, what IP address should I use for the default route in each context?


I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.


Each ACE module will have 3 separate Contexts, for a total of 4 including the Admin.


Any suggestions, or if you can point me to a location, as always will be greatly appreciated.


Thanks and best regards.

Raman Azizian

Collin Clark Mon, 02/08/2010 - 09:11

What I did was create a management context and assign it an IP in my management subnet. Best practice is to not manage the device inline with your traffic.


Hope that helps.

RAMAN AZIZIAN Mon, 02/08/2010 - 09:41

Hi Collin,


Thanks for taking the time to look over my question.


So, I just want to make sure I understand.


If I have already created a VLAN for management, will the management traffic not traverse that VLAN? I have allocated a different VLAN for each Context. My confusion is: if each context has a unique IP address for management, will the default route on each context point to the Client/Server (bridge mode) VLAN (L3 VLAN) or the management VLAN?


I have attached a sketch of my lab setup in case you are interested in seeing it.


Thanks,

raman

Correct Answer
Collin Clark Mon, 02/08/2010 - 12:11

The default route should point to the L3 VLAN. For example I used some 172.16. addresses, but my management network is in the 10 network. Hopefully the crude picture that is attached will help.

Correct Answer
dario.didio Tue, 02/09/2010 - 02:05

Hi,


you have several options to choose from.


1. Use Admin context for management

You can use the Admin context for management. Give it an IP address in your management VLAN, default route to upstream router, and login and change to contexts from there.


+ Easy and straightforward

- snmp and syslog are using the ip from each individual context and not the management IP


2. Use a Large subnet and assign an IP address in each context for management.

You can configure 1 management VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.


+ each context has its own management address

- static routes need to be added


3. Use your client-side ip address (or BVI) as management address.

Your management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.


+ no static routes needed

- inline management


Personally, I choose option 1. That is, if the people that need to manage the ACE are the same team.

If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, then I would choose option 3.


HTH,

Dario
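
A configuration sketch of option 2 from the answer above, added here as an illustration; it is not from any of the posters. It shows one shared management VLAN, a per-context management address, a static route back to the management stations, and a management policy that only accepts the management station subnet. The context name, VLAN numbers, policy names and all addresses are constructed, and lines starting with `!` are annotations.

```cisco
! --- Admin context: give the user context the shared management VLAN ---
! (context name C1 and VLAN numbers 100, 201-202 are constructed)
context C1
  allocate-interface vlan 100
  allocate-interface vlan 201-202

! --- Inside context C1 ---
! Accept management protocols only from the management station subnet
! (10.20.0.0/24 is a constructed example subnet)
class-map type management match-any MGMT-STATIONS
  10 match protocol ssh source-address 10.20.0.0 255.255.255.0
  20 match protocol snmp source-address 10.20.0.0 255.255.255.0
  30 match protocol icmp source-address 10.20.0.0 255.255.255.0

policy-map type management first-match MGMT-POLICY
  class MGMT-STATIONS
    permit

! Management interface: one address per context in the shared subnet
interface vlan 100
  description out-of-band management
  ip address 10.10.100.11 255.255.255.0
  service-policy input MGMT-POLICY
  no shutdown

! Static route to the management stations via the management VLAN gateway
ip route 10.20.0.0 255.255.255.0 10.10.100.1

! Default route stays on the data path (upstream router on the L3 VLAN)
ip route 0.0.0.0 0.0.0.0 172.16.1.1
```

Each further context repeats the in-context part with its own address in the management subnet. Keeping the management service policy off the client-side and server-side VLAN interfaces is what stops the context from answering SSH or SNMP inline with data traffic.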

RAMAN AZIZIAN Tue, 02/09/2010 - 05:21

Dario,


Your explanation helped clear my understanding of how the management model should be applied. I wish I had more time to investigate this implementation, but time is my enemy. My customer would like to have the ACE up and running, and it helps to see feedback/suggestions from other professionals who have had experience implementing this product.


Thanks for taking the time to answer my question.


Best Regards,

Raman

RAMAN AZIZIAN Tue, 02/09/2010 - 05:22

Collin,

Thanks for your help. By looking at your suggestion and Dario's, I am able to get the answer I was looking for.


Best Regards,

raman
