M1 Management Services

kerryjudy
Level 1

Does anyone know of or have a list of exactly what services/ports are being used when this option is selected?

We do separate our traffic by having this enabled but have had a few unexpected behaviours such as when moving the M1 int to a replacement core switch, some users had trouble with authentication. We worked it out but questions remain...

Where some of the confusion comes in is when we think the (M1) traffic would only affect our ability to access the WSAs and manage them but it's obviously more than just that.

Was hoping somewhere there may be a table that spelled out these services other than what's in the admin guide. Looking for greater detail if there is any just to get a better understanding...

M1 - management

     user AD auth

     admin auth

     ACS

     ??

P1 - data

     normal traffic flow, 80, 443, 21

    

A complete list would be very helpful...

Thanks


Chetankumar Phulpagare
Cisco Employee

Hello,

Let me try to shed some light on this.

When the option "Separate routing (M1 port restricted to appliance management services only)" is chosen, WSA defines two kinds of traffic: Management traffic and Data traffic.

Data traffic: proxy traffic, which includes WCCP as well if enabled and PAC file hosting

Management traffic: Everything else, which means GUI access, Updates, Upgrade, DNS, Authentication, Feature Keys, Senderbase (wbnp), etc.

Also, there are two different routing tables defined, which can be seen on the appliance management GUI under 'Network -> Routes'

Routes for Management Traffic (Interface M1: m.m.m.m, Interface P1: p.p.p.p)

and

Routes for Data Traffic (Interface P1: p.p.p.p)

This means WSA uses the P1 interface for data traffic only, which is fairly understandable.

This is where confusion arises. It can use either the M1 or the P1 interface for any outgoing management traffic that is generated by the device. Now, WSA does provide an option to choose the routing table under DNS settings as well as under "Update & Upgrade settings".

For any incoming management traffic, such as Web GUI, SSH, logs over FTP, SNMP poll, etc., WSA listens on the appropriate ports only on the M1 interface.

Hope this helps

Thanks & Regards,

Chetan
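
The reply above says inbound management services listen only on M1 when separate routing is enabled. The following is an added example, not part of the original thread and not Cisco code, that checks this from the network side by probing the same ports on both interface addresses. The port numbers, function names and addresses are assumptions to be replaced with your own values.

```python
import socket

# Assumed TCP ports for the inbound management services named in the reply
# (web GUI, SSH, logs over FTP). These are assumptions; replace them with the
# ports configured on your appliance. SNMP polling is UDP and is not covered.
MGMT_TCP_PORTS = {"ssh": 22, "ftp": 21, "gui-http": 8080, "gui-https": 8443}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_mgmt_exposure(m1_addr, p1_addr, ports=MGMT_TCP_PORTS, probe=tcp_open):
    """Compare management-port reachability on the M1 and P1 addresses.

    Returns a list of (service, port, finding) tuples, where finding is:
      "ok"            - reachable on M1 only, as the reply describes
      "exposed-on-p1" - reachable on P1, contradicting separate routing
      "not-listening" - closed on both (service disabled or filtered)
    """
    results = []
    for service, port in sorted(ports.items()):
        on_m1 = probe(m1_addr, port)
        on_p1 = probe(p1_addr, port)
        if on_p1:
            finding = "exposed-on-p1"
        elif on_m1:
            finding = "ok"
        else:
            finding = "not-listening"
        results.append((service, port, finding))
    return results


if __name__ == "__main__":
    # Placeholder addresses from the RFC 5737 documentation ranges; substitute
    # the M1 and P1 addresses shown under Network -> Routes.
    for service, port, finding in audit_mgmt_exposure("192.0.2.10", "198.51.100.10"):
        print(f"{service:10s} tcp/{port:<5d} {finding}")
```

Run it from a host that can reach both interface addresses; a filtering device in the path can make a listening port appear closed, so an "ok" result confirms reachability rather than the appliance's listener configuration.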