Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

right place for Cisco Works in a MPLS enviroment


we have a Enterprise Network running with some MPLS VPN?s on it. The question is now where to place the Cisco Works Machine in this enviroment ? Put it into a VPN, or leave it in the global Routingtable ? Can Cisco Works collect all Data that is nessesary to run Usertracking if it connected to the global Routing Table ? Some guidance would be helpful.


Re: right place for Cisco Works in a MPLS enviroment

Yes, cisco works can collect all the data that is necessary to run understacking.

New Member

Re: right place for Cisco Works in a MPLS enviroment


I feel running Ciscoworks in an MPLS VPN environment, you need to put the Ciscoworks server in a location so as to access all the other network devices.

You need to create something equal to a central services VPN. where all members of all VPNs can access the central VPN and vice versa.

This should be the topology for ciscoworks placement in the enterprise.


Re: right place for Cisco Works in a MPLS enviroment

Same as Akin, I used to create a separated VPN for NM and this VPN can communicate to all VPN for the management traffic only. Then the NMS (Ciscoworks) will be placed in this VPN to reach all devices.

Hope this helps.

Re: right place for Cisco Works in a MPLS enviroment

Hallo Markus,

well I would suggest to have a direct connection to the PE/P routers as well as a NMS VPN. There are mainly two reasons why I recommend it.

1) there have been several issues with management from a VPN like tftp download not working or SNMP requests not being possible through a VPN and the like. In brief: all management features need to be VRF aware and bug free. To access PE/P through "normal" IP from the BB seems more appropriate

Also P router connectivity would only be possible through packet leaking.

2) You might loose connectivity all together if something goes wrong with MPLS/VRF/MBGP. Assume your BGP or LDP crashes or is misconfigured. Then you have f.e. no access to your RR or other PEs than the one you are directly connected to. Connecting through a "normal" IP interface reduces the risk of such problems. You just have less dependency on all the features working properly.

To access all other devices behind VRFs is more simple through a central service NMS VPN (setup like the example in the MPLS class).

So having both options (VRF and "normal") seems to me is preferable.

Regards, Martin

Cisco Employee