Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS11500 management port routing problem

I've got a CSS11503 running WebNS 7.10 and need to upgrade to 7.20. Ethernet management port is part of my management VLAN. I can ping the other equipment on the management VLAN and the default gateway.

Now, my FTP server (with the 7.20 image) is located on a different VLAN/subnet. The CSS'es default gateway can reach the FTP server without problems (actually, they are routed on the C6509/MSFC2). However, the CSS can't reach anything outside it's own subnet.

WebNS 7.20 has an option to add extra routes for the management port only, but 7.10 does not.

Do I really have to move the FTP server to the same subnet as the CSS in order to upgrade? However, I wonder what the 'gateway address' for the ethernet management port on the CSS is then used for. Apperantly, the CSS with 7.10 can't make use of it.

Any pointers?

New Member

Re: CSS11500 management port routing problem


There are several things you need to consider.

1. The management port default gateway command is used to load a boot file on a CSS from a different subnet.

2. The gateway address command has an effect only in an Offline DM boot operation and not in the running-config.

The following url displays this URL:

3. If you want to do it from the command line it is better to use the following process.

By using the FTP command and using the copy ftp command to copy the image from your FTP server in version 7.1.

Cisco Employee

Re: CSS11500 management port routing problem

one solution is to NAT the ftp address on the default gateway attached to the management port so the FTP device looks to be part of the same subnet.

7.20 will fix this problem - but you first need to upgrade :-)


New Member

Re: CSS11500 management port routing problem

And so I did. The FTP server was temporarly put on the management VLAN and CSS version was bumped to 7.20.

But, I still can't seem to reach hosts outside the VLAN management port is part of. According to the manual, one should use 'ip management route' command to add extra routes. However, that command doesn't seem to exists,

ows-css-sw0# sh ver

Version: sg0720003 (7.20 Build 3)

Flash (Locked): 7.10 Build 102

Flash (Operational): 7.20 Build 3


Licensed Cmd Set(s): Standard Feature Set

ows-css-sw0# sh boot

!************************ BOOT CONFIG ************************

ip address

subnet mask

gateway address

primary boot-file sg0720003

primary boot-type boot-via-disk

ows-css-sw0# conf t

ows-css-sw0(config)# ip management route /24


%% Invalid input detected at '^' marker.


Am I doing something wrong here?

Cisco Employee

Re: CSS11500 management port routing problem

this feature is only available in 6.10 currently which is for the first generation CSS.

This feature does not exist yet for the 11500.


New Member

Re: CSS11500 management port routing problem

One work-around for this problem is to use NAT. But this requires a device on your management VLAN which is capable of doing NAT. With NAT, you can fool your CSS into thinking that the FTP server is local to its ethernet management port's subnet. We use this solution and on our CSS, the TACACS, NTP, SYSLOG, FTP, SNMP & TFTP servers all appear to be the same IP device which is local to the CSS's ethernet management port.

Of course In-band management is also an option, but we try to avoid this option whenever we can due to its security implications (i.e.: we want to minimize to possibility of our management VLAN being visible from the Internet!!!).

Hope this helps!

New Member

Re: CSS11500 management port routing problem

Thanks for the suggestion. However, I don't really like unneccesary hacks on my network. CSS should support using other subnets via the management port and so it does in ver >= 7.20.