Cisco Support Community
New Member

Management traffic to the ACE

Do I need to explicitly define management traffic coming to the ACE module? I see in a lot of configurations that they allow management traffic in a special class to the ACE.

Also, is it necessary to apply an access-list to the ACE module to accept traffic for the VIP? What if I do not use any access-list on the ACE, will the traffic go through?

1 REPLY
Cisco Employee

Re: Management traffic to the ACE

Yes, you need to define allowed traffic to the ACE. The ACE acts as an implicit deny. It will block everything until you allow it. The first policy/class match that you should define is the management traffic class.

access-list ALL line 8 extended permit ip any any

class-map type management match-any remote_access
  2 match protocol xml-https any
  4 match protocol icmp any
  5 match protocol telnet any
  6 match protocol ssh any
  7 match protocol http any
  8 match protocol https any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

interface vlan 121
  ip address
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
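
An added example, not part of the original thread and not Cisco tooling: a small Python audit that parses a configuration shaped like the one in the reply and lists which management protocols each interface's service-policy actually permits, marking the cleartext ones (Telnet, HTTP). The names `audit`, `SAMPLE` and `CLEARTEXT`, and the indentation of the sample text, are assumptions made for this illustration.

```python
import re

# Constructed input: the reply's configuration (interface address omitted, as on the page).
SAMPLE = """\
access-list ALL line 8 extended permit ip any any
class-map type management match-any remote_access
  2 match protocol xml-https any
  4 match protocol icmp any
  5 match protocol telnet any
  6 match protocol ssh any
  7 match protocol http any
  8 match protocol https any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 121
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
"""
CLEARTEXT = {"telnet", "http"}  # these carry logins unencrypted

def audit(config):
    """Return sorted (interface, protocol, source, is_cleartext) for permitted management traffic."""
    classes, policies, bindings, sec = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(class-map|policy-map) type management \S+ (\S+)", line):
            sec = (m[1], m[2])
            (classes if m[1] == "class-map" else policies)[m[2]] = []
        elif m := re.match(r"(interface) (.+)", line):
            sec = (m[1], m[2])
        elif re.match(r"(class-map|policy-map|access-list) ", line):
            sec = None  # some other top-level block: stop attributing lines
        elif sec is None:
            continue
        elif sec[0] == "class-map" and (m := re.match(r"(?:\d+ )?match protocol (\S+) (.+)", line)):
            classes[sec[1]].append((m[1], m[2]))
        elif sec[0] == "policy-map" and (m := re.match(r"class (\S+)", line)):
            policies[sec[1]].append([m[1], None])  # action not seen yet
        elif sec[0] == "policy-map" and line in ("permit", "deny") and policies[sec[1]]:
            policies[sec[1]][-1][1] = line
        elif sec[0] == "interface" and (m := re.match(r"service-policy input (\S+)", line)):
            bindings.append((sec[1], m[1]))
    return sorted((iface, proto, src, proto in CLEARTEXT)
                  for iface, pol in bindings
                  for cls, action in policies.get(pol, []) if action == "permit"
                  for proto, src in classes.get(cls, []))

if __name__ == "__main__":
    for finding in audit(SAMPLE): print(finding)
```

A management class-map that is never referenced by a permitted class in a policy bound to an interface produces no findings, which matches the reply's point that nothing reaches the ACE until it is explicitly allowed.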
