Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Data center design! What is ACE

Hi Everyone,

We are planning to have a datacenter. decided to buy 2 core 6500 series switches. what exactly is ACE? i understand it does loadbalancing. but then why wd not one use CSS instead on ACE. if we use ACE , can we eliminate the need of FWSM module. i read ACE has lots of security features. also it does web caching.. i may be wrong here.

So if we only have ACE in 6500, do we still need FWSM and some web caching engine (WASS). please also let me know some important features of ACE-Thanks

Cisco Employee

Re: Data center design! What is ACE

The ACE module is a loadbalancer that should eventually replace the CSS and CSM.

It comes with some firewall features but not all of them. Some users have enough FW features on the ACE module so they don't need the FWSM.

Others still need the FWSM.

Depends on what you need.

Finally, the ACE module does not come with caching option. Only the ACE Appliance - c4710 - has the caching and optimization features.


New Member

Re: Data center design! What is ACE

Thanks for the response. I shall appreciate if you let me know what security are not there in ACE compared with FWSM. is there an link which can tell me that


Cisco Employee

Re: Data center design! What is ACE

unfortunately there is no such document as far as I know.

As a rule, ACE has all the security features for the protocol it can loadbalance at L7 - ie: HTTP, FTP, RTSP,DNS, the necessary TCP,ICMP security features.

Anything else ACE does not have it.


Re: Data center design! What is ACE

Following security features are not supported on ACE

time based ACLs

ACL to Syslog correlation

url filtering (Websense..)

ActiveX/Java filtering

OSPF/RIP support


New Member

Re: Data center design! What is ACE

so ACE have features but similar to secure IOS on router. it cant replace FWSM where we need DMZ or virtual contexts and make it look like a firewall (ASA, PIX, FWSM). In a data center environment where need to isolate servers from users.

would you guys design 6500 with fwsm and ace or only ace ?


CreatePlease login to create content