Ace management vlan question

DOUG KIRK · ‎03-25-2009

I would like to deploy multiple contexts on my ace. I am wondering if I can use the same management vlan for all of them or do i need to use different vlans? I would like to use mulitple contexts behind one fwsm for product management reasons, but i only really want one management vlan.

thanks

Syed Iftekhar Ahmed · ‎03-25-2009

Yes.

You can use a shared management vlan. All the interface among the different contexts (connected to management vlan) needs to have a unique IP.

Also If you are planning to manage these contexts from remote networks then you need static routes for these remote networks.

HTH

Syed Iftekhar Ahmed

RAMAN AZIZIAN · ‎02-08-2010

Hi Syed,

Can you kindly explain where the static route would need to be applied?

If the management vlan is shared among all the Contexts, and each context have a unique IP address, does the static route get applied at each context (user defined, and admin), and the Sup card?

Thanks for any feedback.

Raman Azizian

dario.didio · ‎02-09-2010

Hi,

If you have a managment IP subnet (VLAN) and you want to give each context a unique IP address out of this subnet, then you need to have in each context these static routes defined, because each context has its own routing table.

For example:

Managment subnet 172.16.0.0/24 - router 172.16.0.254

CONTEXT 1 172.16.0.10/24

CONTEXT 2 172.16.0.11/24

CONTEXT 3 172.16.0.12/24

Management station: 10.0.0.10/24

in this case, in each context you would configure

ip route 10.0.0.10 255.255.255.255 172.16.0.254

assuming your router has a route to reach the management station.

HTH,

Dario