Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Question in regard to management VLAN for each Context in ACE module

Dear Pros,

I know this will be a simple questions to answer, and I have searched the forum, but I am not able to find the answer I need.

1) Does the ACE module require an Management IP address for each Context? Should the same VLAN be applied to each context, with larger size subnet to supply host address?

2) If it does require that, what IP address should I used for default route in each context.

I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.

Each ACE module will have 3 seperate Context, for a total of 4 including the Admin.

Any suggestions or if you can point me to location as always will be greatly apprecaited.

Thanks and best regards.

Raman Azizian

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Question in regard to management VLAN for each Context in AC

The default route should point to the the L3 VLAN. For example I used some 172.16. addresses, but my mangement network is in the 10 network. Hopefully the crude picture that is attached will help.

Silver

Re: Question in regard to management VLAN for each Context in AC

Hi,

you have several options to choose from.

1. Use Admin context for management

You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.


+ Easy and straightforward

- snmp and syslog are using the ip from each individual context and not the management IP

2. Use a Large subnet and assign an IP address in each context for management.

You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.

+ each context has its own managment address

- static routes need to be added

3. Use your client-side ip address (or BVI) as management address.

You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.

+ no static routes needed

- inline management

Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.

If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.

HTH,

Dario

7 REPLIES

Re: Question in regard to management VLAN for each Context in AC

What I did was create a managment context and assign it an IP in my management subnet. Best practice is to not manage the deive inline with your traffic.

Hope that helps.

New Member

Re: Question in regard to management VLAN for each Context in AC

Hi Collin,

Thanks for taking the time to look over my question.

So, I just want to make sure I understand.

If I have already created an VLAN for management, will the management traffic not traverse that vlan? I have allocated different vlan for each Context. My confusion is if each context has a unique IP address for management, will the default route on each context point to the Client/Server (bridge mode) vlan (L3 VLAN) or the management VLAN?

I have attached a sketch of my lab setup in case you are interested in seeing it.

Thanks,

raman

New Member

Re: Question in regard to management VLAN for each Context in AC

Sorry the file didn't get attached.

Re: Question in regard to management VLAN for each Context in AC

The default route should point to the the L3 VLAN. For example I used some 172.16. addresses, but my mangement network is in the 10 network. Hopefully the crude picture that is attached will help.

Silver

Re: Question in regard to management VLAN for each Context in AC

Hi,

you have several options to choose from.

1. Use Admin context for management

You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.


+ Easy and straightforward

- snmp and syslog are using the ip from each individual context and not the management IP

2. Use a Large subnet and assign an IP address in each context for management.

You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.

+ each context has its own managment address

- static routes need to be added

3. Use your client-side ip address (or BVI) as management address.

You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.

+ no static routes needed

- inline management

Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.

If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.

HTH,

Dario

New Member

Re: Question in regard to management VLAN for each Context in AC

Dario,

Your explanation helped clear my understanding of how the management model should be applied. I wish I had more time to investigate this implementation, but time is my enemy. My customer would like to have the ACE up and running, and it helps to see feedback's/suggestions from other professionals who have had experience implementing this product.

Thanks for taking the time to answer my question.

Best Regards,

Raman

New Member

Re: Question in regard to management VLAN for each Context in AC

Collin,

Thanks for your help. By looking at your suggestion and Dario, I am able to get the answer I was looking for.

Best Regards,

raman

548
Views
0
Helpful
7
Replies
CreatePlease login to create content