Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
0
Helpful
4
Replies

ACE management access

KAROLY KOHEGYI
Level 2
Level 2

‎09-06-2012 05:50 AM

Hi,

I have a config which has been working well  for many years.

Now i change the management class and after it i can access the ACE. ( I remove and applied the management service-policy also )

Telnet, SSh, ping are not working. I change back the config but it was not helped.

The config now. The ACE is in the CAT6506. The ping from ACE to MSFC is good but from MSFC to ACE is wrong!!

The ping to standby ACE access is also not working.

class-map type management match-any MGMT

  201 match protocol telnet source-address 10.42.10.227 255.255.255.255

  202 match protocol ssh any

  203 match protocol icmp any

  204 match protocol https any

  205 match protocol snmp any

policy-map type management first-match REMOTE_MGM_ALLOW_POLICY

  class MGMT

    permit

interface vlan 73

  description ACE-Application

  ip address 192.168.29.18 255.255.255.248

  alias 192.168.29.22 255.255.255.248

  peer ip address 192.168.29.20 255.255.255.248

  access-group input ALL

  access-group output ALL

  service-policy input REMOTE_MGM_ALLOW_POLICY

How can i troubleshoot this situation?

Thanks in advance!

Labels:
0 Helpful
4 Replies 4

Cesar Roque
Level 4
Level 4

‎09-06-2012 01:00 PM

Hi Karoly,

Could you please send  the rest of the configuration you hve in this Context

--------------------- Cesar R ANS Team
0 Helpful

KAROLY KOHEGYI
Level 2
Level 2
In response to Cesar Roque

‎09-06-2012 11:25 PM

Hi,

I gonna send it to your cisco mail.

Regards,

0 Helpful

Jorge Bejarano
Level 4
Level 4

‎09-10-2012 08:12 PM

Hello Karoly,

You may clear the arp table from the ACE and SWITCH.

do you have both ACEs under the same SWITCH chassis? Could you change the slots where you have the ACE located?

You may also run a arp debug on the ACE and collect a portchannel capture?

What version you have on the ACE and Switch?

Can you upload this command: # show scp stats?

Jorge

0 Helpful

KAROLY KOHEGYI
Level 2
Level 2
In response to Jorge Bejarano

‎09-10-2012 11:57 PM

Hi Jorge,

I check the ARP table in both device and it is OK. It has to be good because the ICMP is working well from ACE to MSFC.

The ACE is the same chassis as MSFC.

The ACE version is A2_3_5. The MSFC version is ipservicesk9_wan-mz.122-18.SXF10

The ARP debug is unnecessary. I captured the traffic between MSFC nad ACE and it shows the ACE is not responding to MGMG packets like ICMP ,TELNET or SSH.

It may means the mgmt policy is not working.

Lajos-ACE kernel uptime is 235 days 10 hours 15 minute(s) 14 second(s)

Lajos-ACE/Admin# show scp stats

SCP statistics:

Tx packets                                   26502132

Rx packets                                   26502132

Tx bytes                                   6365798914

Rx bytes                                   1194349623

TX Stats

TX Errors                                           0

TX Timeout                                          0

Not Connected                                       0

Tx No memory                                        0

RX Stats

Rx Error                                            1

Rx No memory                                        0

Rx no buffers                                       0

Rx offline                                          0

Rx message size                                     0

Rx Kthread enqueue                           21402361

Rx Kthread dequeue                           21402361

Rx unknown SAP                                      0

Rx MTS alloc fail                                   0

Rx MTS enqueue                               21402361

Rx MTS enqueue fail                                 0

Regards,

0 Helpful
Customers Also Viewed These Support Documents