02-08-2010 08:22 AM
Dear Pros,
I know this will be a simple questions to answer, and I have searched the forum, but I am not able to find the answer I need.
1) Does the ACE module require an Management IP address for each Context? Should the same VLAN be applied to each context, with larger size subnet to supply host address?
2) If it does require that, what IP address should I used for default route in each context.
I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.
Each ACE module will have 3 seperate Context, for a total of 4 including the Admin.
Any suggestions or if you can point me to location as always will be greatly apprecaited.
Thanks and best regards.
Raman Azizian
Solved! Go to Solution.
02-08-2010 12:11 PM
The default route should point to the the L3 VLAN. For example I used some 172.16. addresses, but my mangement network is in the 10 network. Hopefully the crude picture that is attached will help.
02-09-2010 02:05 AM
Hi,
you have several options to choose from.
1. Use Admin context for management
You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.
+ Easy and straightforward
- snmp and syslog are using the ip from each individual context and not the management IP
2. Use a Large subnet and assign an IP address in each context for management.
You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.
+ each context has its own managment address
- static routes need to be added
3. Use your client-side ip address (or BVI) as management address.
You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.
+ no static routes needed
- inline management
Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.
If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.
HTH,
Dario
02-08-2010 09:11 AM
What I did was create a managment context and assign it an IP in my management subnet. Best practice is to not manage the deive inline with your traffic.
Hope that helps.
02-08-2010 09:41 AM
Hi Collin,
Thanks for taking the time to look over my question.
So, I just want to make sure I understand.
If I have already created an VLAN for management, will the management traffic not traverse that vlan? I have allocated different vlan for each Context. My confusion is if each context has a unique IP address for management, will the default route on each context point to the Client/Server (bridge mode) vlan (L3 VLAN) or the management VLAN?
I have attached a sketch of my lab setup in case you are interested in seeing it.
Thanks,
raman
02-08-2010 09:45 AM
02-08-2010 12:11 PM
02-09-2010 02:05 AM
Hi,
you have several options to choose from.
1. Use Admin context for management
You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.
+ Easy and straightforward
- snmp and syslog are using the ip from each individual context and not the management IP
2. Use a Large subnet and assign an IP address in each context for management.
You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.
+ each context has its own managment address
- static routes need to be added
3. Use your client-side ip address (or BVI) as management address.
You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.
+ no static routes needed
- inline management
Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.
If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.
HTH,
Dario
02-09-2010 05:21 AM
Dario,
Your explanation helped clear my understanding of how the management model should be applied. I wish I had more time to investigate this implementation, but time is my enemy. My customer would like to have the ACE up and running, and it helps to see feedback's/suggestions from other professionals who have had experience implementing this product.
Thanks for taking the time to answer my question.
Best Regards,
Raman
02-09-2010 05:22 AM
Collin,
Thanks for your help. By looking at your suggestion and Dario, I am able to get the answer I was looking for.
Best Regards,
raman
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide