cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
508
Views
0
Helpful
7
Replies

Backup CSS11503 Ether-Mgnt Interface access

thumpercisco
Level 1
Level 1

I have box to box redundancy and I would like to access the ethernet-management interface on the backup CSS. The interface is configured and I have also performed commit_redundancy between CSS's, but, I cannot access the B/U CSS. Is the link not accessable because it is backup?

thanks

1 Accepted Solution

Accepted Solutions

Hi,

The solution in this case will be to isolate the way you get to the management port or to use the command virtual authentication secondary local in case TACACS is not available.

Also there is another thing you might want to take into account and it is that TACACS routed through the management port is currently not supported according to:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/getstart/setup.htm#wp1160987

View solution in original post

7 Replies 7

danmuril
Cisco Employee
Cisco Employee

Hello,

The management port on the CSS is 10 Half Duplex please make sure you are connecting with the proper settings to it.

Also keep in mind that in order to apply changes to the management port you need to reboot the device. The interface should be accesible even if the box is backup.

I hope this helps.

I can connect to the Backup CSS11503 through the Ether-mgmt interface to the Username prompt after setting ip managagement route.

Now I cannot authenticate and I'm using Telnet.

Is there another setting?

Are you using any kind of authentication scheme like TACACS? or are you using the local authentication database of the CSS?

salmodov
Level 1
Level 1

I have the same configuration and have been able to login to the backup css. I don't think it is possible but if you get a way to do so please let me know as well.

Steve

I'm using TACACS and the interface to the upstream router on interface 1/1 is down because backup. I assume you would need a local account for logon which my company does not allow.

I have the next hop on the Ether-mgmt interface set for that subnet next hop router and unless TACACS can be used for authentication I cannot logon.

I keep my configs updated using commit-redun so I know if the master goes down the backup has a working config.

Thanks

Hi,

The solution in this case will be to isolate the way you get to the management port or to use the command virtual authentication secondary local in case TACACS is not available.

Also there is another thing you might want to take into account and it is that TACACS routed through the management port is currently not supported according to:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/getstart/setup.htm#wp1160987

Thank you for the information. I use virtual authentication TACACS, but local is not allowed for security reasons.

The last comment is contrary in regards to my Master box, I can login/authenticate to the Ether-mgmt using TACACS or the 1/1 interface with TACACS, two differnt IP's and VLANS.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: