New Member

ACE Module Management IP

How can I configure ssh management access to the ACE module configured in bridged mode?

Accepted Solutions
Cisco Employee

Re: ACE Module Management IP

Do not mix "domain" name and user "domain".

The domain name is something like cisco.com or yourcompany.net ...

But the user domain is what objects a user is allowed to modify/configure/access inside ACE.

I don't think you need to specify a domain-name to generate the key.

Here is what I did:

switch/Admin(config)# ssh key rsa 768

generating rsa key(768 bits).....

......

generated rsa key

switch/Admin(config)#

gdufour-cat6k1#ssh -l admin 10.86.213.40

Password:

Cisco Application Control Software (ACSW)

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software are covered under the GNU Public

License. A copy of the license is available at

http://www.gnu.org/licenses/gpl.html.

User 'www' is disabled.Please change the password to enable the user.

switch/Admin#

Just make sure you allow SSH traffic with your management policy.

Gilles.

8 REPLIES
Cisco Employee

Re: ACE Module Management IP

New Member

Re: ACE Module Management IP

I followed the link given and I am getting the below error

6500#ssh -l admin 10.0.0.1

[Connection to 10.0.0.1 aborted: error status 28]

Do you know what the above error means? I can telnet to the ACE module from the Cat6500 but not ssh.

Please assist.

Thanks

New Member

Re: ACE Module Management IP

In the following excerpt, how do I define the domain name? Currently, when I do 'show domain' it shows it as default-domain. Is this sufficient, or do I need to create another domain for ssh access?

"Before you generate the key, set the hostname and the domain name."

New Member

Re: ACE Module Management IP

I generated the key with 1024 bits earlier and faced the error. Following your example, i.e. 768 bits, ssh worked. Strange...

1024 is stated in the example on the given link as well.

New Member

Re: ACE Module Management IP

Telnet and ssh to ACE from CAT6500 are working. But if I do the same via putty from another segment, it fails (ping works though).

Topology:

MSFC -> SVI for Vlan11 and Vlan13 defined

ACE -> (Vlan11 bridged to Vlan12 on ACE)

(Vlan13 is the management IP interface)

-> FWSM (Vlan15)

From Vlan15 I can ping Vlan13 management IP but I cannot telnet or ssh to it. Policy-map has been defined and applied via service-policy to Vlan13 in ACE for management access via ssh, telnet.

Is there anything else required for telnet, ssh?

New Member

Re: ACE Module Management IP

Ok. It got fixed. I removed Vlan12 (bridged mode) and added ip route for Vlan15 network via Vlan13. Strange...

Does anyone know how the default and specific routes are defined in ACE in case of multiple client/server VLANs? How does ACE identify which route to pick based on which VLAN? Can I drive traffic out of all VLANs from one of the VLAN SVIs defined on MSFC?

Cisco Employee

Re: ACE Module Management IP

You could use mac-sticky enable to make the traffic return via the same way it came in.

Gilles.
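
An added illustration, not part of the thread and not any poster's actual configuration: a management policy of the kind the accepted answer refers to, permitting SSH only from one admin subnet on the Vlan13 management interface, plus the return route toward the remote segment that resolved the putty problem above. All names and addresses are constructed placeholders (documentation ranges); lines beginning with `!` are annotations for the reader, not commands to enter.

```text
! Assumed placeholders: 198.51.100.0/24 = admin segment behind the FWSM,
! 192.0.2.10 = ACE management IP on Vlan13, 192.0.2.1 = MSFC SVI on Vlan13.

! Management traffic the ACE itself will accept, limited by source subnet.
class-map type management match-any MGMT-ACCESS
  match protocol ssh source-address 198.51.100.0 255.255.255.0
  match protocol icmp source-address 198.51.100.0 255.255.255.0

! Anything not matched by the class is dropped by the management policy.
policy-map type management first-match MGMT-POLICY
  class MGMT-ACCESS
    permit

! Apply the policy inbound on the management VLAN interface.
interface vlan 13
  ip address 192.0.2.10 255.255.255.0
  service-policy input MGMT-POLICY
  no shutdown

! Return path to the admin segment via the Vlan13 gateway, so replies to
! SSH sessions leave through the same VLAN they arrived on.
ip route 198.51.100.0 255.255.255.0 192.0.2.1
```

Because the class matches only SSH and ICMP, a telnet attempt from the same subnet is refused, which is a quick way to confirm that the policy, and not some other path, is what admits the session.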
