09-06-2012 05:50 AM
Hi,
I have a config which has been working well for many years.
Now i change the management class and after it i can access the ACE. ( I remove and applied the management service-policy also )
Telnet, SSh, ping are not working. I change back the config but it was not helped.
The config now. The ACE is in the CAT6506. The ping from ACE to MSFC is good but from MSFC to ACE is wrong!!
The ping to standby ACE access is also not working.
class-map type management match-any MGMT
201 match protocol telnet source-address 10.42.10.227 255.255.255.255
202 match protocol ssh any
203 match protocol icmp any
204 match protocol https any
205 match protocol snmp any
policy-map type management first-match REMOTE_MGM_ALLOW_POLICY
class MGMT
permit
interface vlan 73
description ACE-Application
ip address 192.168.29.18 255.255.255.248
alias 192.168.29.22 255.255.255.248
peer ip address 192.168.29.20 255.255.255.248
access-group input ALL
access-group output ALL
service-policy input REMOTE_MGM_ALLOW_POLICY
How can i troubleshoot this situation?
Thanks in advance!
09-06-2012 01:00 PM
Hi Karoly,
Could you please send the rest of the configuration you hve in this Context
09-06-2012 11:25 PM
Hi,
I gonna send it to your cisco mail.
Regards,
09-10-2012 08:12 PM
Hello Karoly,
You may clear the arp table from the ACE and SWITCH.
do you have both ACEs under the same SWITCH chassis? Could you change the slots where you have the ACE located?
You may also run a arp debug on the ACE and collect a portchannel capture?
What version you have on the ACE and Switch?
Can you upload this command: # show scp stats?
Jorge
09-10-2012 11:57 PM
Hi Jorge,
I check the ARP table in both device and it is OK. It has to be good because the ICMP is working well from ACE to MSFC.
The ACE is the same chassis as MSFC.
The ACE version is A2_3_5. The MSFC version is ipservicesk9_wan-mz.122-18.SXF10
The ARP debug is unnecessary. I captured the traffic between MSFC nad ACE and it shows the ACE is not responding to MGMG packets like ICMP ,TELNET or SSH.
It may means the mgmt policy is not working.
Lajos-ACE kernel uptime is 235 days 10 hours 15 minute(s) 14 second(s)
Lajos-ACE/Admin# show scp stats
SCP statistics:
Tx packets 26502132
Rx packets 26502132
Tx bytes 6365798914
Rx bytes 1194349623
TX Stats
TX Errors 0
TX Timeout 0
Not Connected 0
Tx No memory 0
RX Stats
Rx Error 1
Rx No memory 0
Rx no buffers 0
Rx offline 0
Rx message size 0
Rx Kthread enqueue 21402361
Rx Kthread dequeue 21402361
Rx unknown SAP 0
Rx MTS alloc fail 0
Rx MTS enqueue 21402361
Rx MTS enqueue fail 0
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide