Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
7
Replies

Question in regard to management VLAN for each Context in ACE module

Go to solution
RAMAN AZIZIAN
Level 1
Level 1

‎02-08-2010 08:22 AM

Dear Pros,

I know this will be a simple questions to answer, and I have searched the forum, but I am not able to find the answer I need.

1) Does the ACE module require an Management IP address for each Context? Should the same VLAN be applied to each context, with larger size subnet to supply host address?

2) If it does require that, what IP address should I used for default route in each context.

I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.

Each ACE module will have 3 seperate Context, for a total of 4 including the Admin.

Any suggestions or if you can point me to location as always will be greatly apprecaited.

Thanks and best regards.

Raman Azizian

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to RAMAN AZIZIAN

‎02-08-2010 12:11 PM

The default route should point to the the L3 VLAN. For example I used some 172.16. addresses, but my mangement network is in the 10 network. Hopefully the crude picture that is attached will help.

View solution in original post

Preview file
49 KB
0 Helpful

Go to solution
dario.didio
Level 4
Level 4
In response to Collin Clark

‎02-09-2010 02:05 AM

Hi,

you have several options to choose from.

1. Use Admin context for management

You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.


+ Easy and straightforward

- snmp and syslog are using the ip from each individual context and not the management IP

2. Use a Large subnet and assign an IP address in each context for management.

You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.

+ each context has its own managment address

- static routes need to be added

3. Use your client-side ip address (or BVI) as management address.

You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.

+ no static routes needed

- inline management

Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.

If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.

HTH,

Dario

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎02-08-2010 09:11 AM

What I did was create a managment context and assign it an IP in my management subnet. Best practice is to not manage the deive inline with your traffic.

Hope that helps.

0 Helpful

Go to solution
RAMAN AZIZIAN
Level 1
Level 1
In response to Collin Clark

‎02-08-2010 09:41 AM

Hi Collin,

Thanks for taking the time to look over my question.

So, I just want to make sure I understand.

If I have already created an VLAN for management, will the management traffic not traverse that vlan? I have allocated different vlan for each Context. My confusion is if each context has a unique IP address for management, will the default route on each context point to the Client/Server (bridge mode) vlan (L3 VLAN) or the management VLAN?

I have attached a sketch of my lab setup in case you are interested in seeing it.

Thanks,

raman

0 Helpful

Go to solution
RAMAN AZIZIAN
Level 1
Level 1
In response to RAMAN AZIZIAN

‎02-08-2010 09:45 AM

Sorry the file didn't get attached.

Preview file
82 KB
0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to RAMAN AZIZIAN

‎02-08-2010 12:11 PM

The default route should point to the the L3 VLAN. For example I used some 172.16. addresses, but my mangement network is in the 10 network. Hopefully the crude picture that is attached will help.

Preview file
49 KB
0 Helpful

Go to solution
dario.didio
Level 4
Level 4
In response to Collin Clark

‎02-09-2010 02:05 AM

Hi,

you have several options to choose from.

1. Use Admin context for management

You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.


+ Easy and straightforward

- snmp and syslog are using the ip from each individual context and not the management IP

2. Use a Large subnet and assign an IP address in each context for management.

You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.

+ each context has its own managment address

- static routes need to be added

3. Use your client-side ip address (or BVI) as management address.

You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.

+ no static routes needed

- inline management

Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.

If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.

HTH,

Dario

0 Helpful

Go to solution
RAMAN AZIZIAN
Level 1
Level 1
In response to dario.didio

‎02-09-2010 05:21 AM

Dario,

Your explanation helped clear my understanding of how the management model should be applied. I wish I had more time to investigate this implementation, but time is my enemy. My customer would like to have the ACE up and running, and it helps to see feedback's/suggestions from other professionals who have had experience implementing this product.

Thanks for taking the time to answer my question.

Best Regards,

Raman

0 Helpful

Go to solution
RAMAN AZIZIAN
Level 1
Level 1
In response to Collin Clark

‎02-09-2010 05:22 AM

Collin,

Thanks for your help. By looking at your suggestion and Dario, I am able to get the answer I was looking for.

Best Regards,

raman

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents