Friday, April 15, 2011

Cisco ACE Appliance Admin Context Sample Configuration

Below is a sample configuration of the Admin context of the Cisco ACE Appliance (not the ACE module).

hostname ACE_ONE -> Hostname of Primary ACE
peer hostname ACE_TWO -> Optional if you have a secondary ACE

interface port-channel 1 -> Channel Group for ACE
description Port-Channel 1
switchport trunk allowed vlan 1-1024 -> VLAN Trunks to allow
no shutdown

Create a port channel on your switch and bind all 4 interfaces to it, for a total of 4 gigabit connections.
interface gigabitEthernet 1/1
speed 1000M
duplex FULL
channel-group 1
no shutdown

interface gigabitEthernet 1/2
speed 1000M
duplex FULL
channel-group 1
no shutdown

interface gigabitEthernet 1/3
speed 1000M
duplex FULL
channel-group 1
no shutdown

interface gigabitEthernet 1/4
speed 1000M
duplex FULL
channel-group 1
no shutdown



clock timezone standard EST
clock summer-time standard EDT
ntp server ntp.time.com


access-list ALL line 8 extended permit ip any any -> This access list permits all inbound traffic


class-map type management match-any remote_access -> Create a class map for management
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy -> Policy map for management
class remote_access
permit

interface vlan 100
ip address 10.20.100.10 255.255.255.0 -> IP Address of main ACE
peer ip address 10.20.100.11 255.255.255.0 -> Optional if you have a secondary ACE
access-group input ALL -> Access-list ALL
service-policy input remote_mgmt_allow_policy -> Service Policy for management
no shutdown

ip route 0.0.0.0 0.0.0.0 10.20.100.1 -> Create a Static Route. In this case, I use the gateway for the interface VLAN 100.

username admin password 5 $0&uusanalljsd99865%$ role Admin domain default-domain -> Admin user for the admin context.


The section below is optional and applies if you have a secondary ACE for high availability. The FT interface can be a dedicated VLAN or one of the physical interfaces of the ACE. Note: If you use a physical interface for high availability, you can only bind 3 physical interfaces on your ACE.
ft interface vlan 800
ip address 192.168.200.1 255.255.255.252
peer ip address 192.168.200.2 255.255.255.252
no shutdown

ft peer 1 -> Optional if you have a secondary ACE for high availability
heartbeat interval 300
heartbeat count 20
ft-interface vlan 800

ft group 2 -> Optional if you have a secondary ACE for high availability
peer 1
priority 101
peer priority 90
associate-context Admin -> Add the Admin context to ft group 2
inservice
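
A check on the management class map and access list above, as an added example that is not part of the original post: a small Python audit that flags cleartext management protocols and `any`-source matches in `class-map type management`, plus a `permit ip any any` list applied inbound. The severity labels, the function name `audit`, and treating SNMP as cleartext (v1/v2c) are assumptions of this example.

```python
import re

# Protocols that carry logins or SNMP v1/v2c community strings unencrypted.
CLEARTEXT = {"telnet", "http", "snmp"}

# Constructed sample: lines copied from the configuration above, with one of
# the page's "->" annotations left in to show that annotations are tolerated.
SAMPLE = """\
access-list ALL line 8 extended permit ip any any -> permit all inbound
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
interface vlan 100
access-group input ALL
service-policy input remote_mgmt_allow_policy
"""

def audit(config):
    """Return (severity, message) findings for an ACE Admin context config."""
    findings, open_acls, current_map = [], set(), None
    for raw in config.splitlines():
        line = raw.split("->")[0].strip()  # drop inline annotation, if any
        if line.startswith("class-map"):
            m = re.match(r"class-map type management \S+ (\S+)", line)
            current_map = m.group(1) if m else None
        elif m := re.match(r"(?:\d+ )?match protocol (\S+) (any|source-address .+)$", line):
            proto, src = m.groups()
            if current_map and proto in CLEARTEXT:
                findings.append(("high", f"{current_map}: cleartext {proto} from {src}"))
            elif current_map and src == "any":
                findings.append(("review", f"{current_map}: {proto} from any source"))
        elif m := re.match(r"access-list (\S+) .*\bpermit ip any any$", line):
            open_acls.add(m.group(1))  # remember ACLs that permit everything
        elif (m := re.match(r"access-group input (\S+)", line)) and m.group(1) in open_acls:
            findings.append(("high", f"access-list {m.group(1)} permits all IP and is applied inbound"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:6} {message}")
```

Run against the sample, it reports telnet, http and snmp from `any` and the inbound `ALL` list as high, and the remaining `any` matches for review.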





In my next post, I will show you how to create a virtual context in the admin context.

Tuesday, April 12, 2011

Our New Mini Server Room

We finally finished our mini server room. The server room is mostly for our virtual servers and our NetApps.



We have one of our 6509 VSS in this datacenter & the other VSS is in another closet.