cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
504
Views
6
Helpful
5
Replies

right place for Cisco Works in a MPLS enviroment

maamann
Level 1
Level 1

Hello,

we have a Enterprise Network running with some MPLS VPN?s on it. The question is now where to place the Cisco Works Machine in this enviroment ? Put it into a VPN, or leave it in the global Routingtable ? Can Cisco Works collect all Data that is nessesary to run Usertracking if it connected to the global Routing Table ? Some guidance would be helpful.

5 Replies 5

aghaznavi
Level 5
Level 5

Yes, cisco works can collect all the data that is necessary to run understacking.

akin_lopez
Level 1
Level 1

Hi,

I feel running Ciscoworks in an MPLS VPN environment, you need to put the Ciscoworks server in a location so as to access all the other network devices.

You need to create something equal to a central services VPN. where all members of all VPNs can access the central VPN and vice versa.

This should be the topology for ciscoworks placement in the enterprise.

Same as Akin, I used to create a separated VPN for NM and this VPN can communicate to all VPN for the management traffic only. Then the NMS (Ciscoworks) will be placed in this VPN to reach all devices.

Hope this helps.

Hallo Markus,

well I would suggest to have a direct connection to the PE/P routers as well as a NMS VPN. There are mainly two reasons why I recommend it.

1) there have been several issues with management from a VPN like tftp download not working or SNMP requests not being possible through a VPN and the like. In brief: all management features need to be VRF aware and bug free. To access PE/P through "normal" IP from the BB seems more appropriate

Also P router connectivity would only be possible through packet leaking.

2) You might loose connectivity all together if something goes wrong with MPLS/VRF/MBGP. Assume your BGP or LDP crashes or is misconfigured. Then you have f.e. no access to your RR or other PEs than the one you are directly connected to. Connecting through a "normal" IP interface reduces the risk of such problems. You just have less dependency on all the features working properly.

To access all other devices behind VRFs is more simple through a central service NMS VPN (setup like the example in the MPLS class).

So having both options (VRF and "normal") seems to me is preferable.

Regards, Martin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: