Friday, April 15, 2011

Cisco ACE Appliance Admin Context Sample Configuration

Below is a sample configuration of the Admin context of the Cisco ACE appliance (not the ACE module).

hostname ACE_ONE -> Hostname of Primary ACE
peer hostname ACE_TWO -> Optional if you have a secondary ACE

interface port-channel 1 -> Channel Group for ACE
description Port-Channel 1
switchport trunk allowed vlan 1-1024 -> VLANs allowed on the trunk
no shutdown

Create a matching port channel on your switch and bind all four interfaces to it, giving a total of four gigabit connections.
interface gigabitEthernet 1/1
speed 1000M
duplex FULL
channel-group 1
no shutdown

interface gigabitEthernet 1/2
speed 1000M
duplex FULL
channel-group 1
no shutdown

interface gigabitEthernet 1/3
speed 1000M
duplex FULL
channel-group 1
no shutdown

interface gigabitEthernet 1/4
speed 1000M
duplex FULL
channel-group 1
no shutdown

clock timezone standard EST
clock summer-time standard EDT
ntp server ntp.time.com

access-list ALL line 8 extended permit ip any any -> This access list permits all IP traffic inbound; it is applied to interface VLAN 100 below

class-map type management match-any remote_access -> Create a class map for management
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy -> Policy map for management
class remote_access
permit

interface vlan 100
ip address 10.20.100.10 255.255.255.0 -> IP address of the primary ACE
peer ip address 10.20.100.11 255.255.255.0 -> Optional if you have a secondary ACE
access-group input ALL -> Apply access list ALL to inbound traffic
service-policy input remote_mgmt_allow_policy -> Service Policy for management
no shutdown

ip route 0.0.0.0 0.0.0.0 10.20.100.1 -> Create a default static route. In this case, I use the gateway of the interface VLAN 100 subnet.

username admin password 5 $0&uusanalljsd99865%$ role Admin domain default-domain -> Admin user for the admin context.
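As an added check (not part of the original post or any Cisco tool), the following Python script walks a constructed copy of the management section above and flags what a reviewer would want to revisit before this goes into production: the permit-all access list, the cleartext management protocols (telnet, http, snmp) reachable from any source, and the interface that applies that ACL inbound. The sample text and the severity labels are my own assumptions.

```python
import re

# Constructed sample mirroring the Admin context shown above (not a capture from a real ACE).
SAMPLE_CONFIG = """\
access-list ALL line 8 extended permit ip any any
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
interface vlan 100
  ip address 10.20.100.10 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
"""

# Management protocols that carry credentials or community strings in cleartext.
CLEARTEXT = {"telnet", "http", "snmp"}

def audit_ace_admin_config(text):
    """Return (severity, message) findings for an ACE admin-context configuration."""
    findings, permit_all_acls = [], set()
    current_class = current_iface = None  # stanza we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"class-map type management match-any (\S+)$", line)
        if m:
            current_class, current_iface = m.group(1), None
            continue
        m = re.match(r"(?:\d+ )?match protocol (\S+) (.+)$", line)
        if m and current_class:
            proto, src = m.groups()  # src is "any" or an address plus mask
            if proto in CLEARTEXT and src == "any":
                findings.append(("medium", f"class-map {current_class}: cleartext {proto} reachable from any source"))
            continue
        current_class = None  # any other line ends the class-map stanza
        m = re.match(r"access-list (\S+) .*permit ip any any$", line)
        if m:
            permit_all_acls.add(m.group(1))
            findings.append(("high", f"access-list {m.group(1)} permits all IP traffic from any source"))
        elif re.match(r"interface vlan \d+$", line):
            current_iface = line.split(" ", 1)[1]
        elif current_iface and line.startswith("access-group input ") and line.split()[-1] in permit_all_acls:
            findings.append(("high", f"interface {current_iface} applies permit-all ACL {line.split()[-1]} inbound"))
    return findings
```

Feeding it the running-config of the Admin context gives a short list to review; a management class-map restricted to ssh and https from a management subnet produces no findings.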

Below is optional if you have a secondary ACE for high availability. The FT interface can be a dedicated VLAN or one of the physical interfaces of the ACE. Note: if you use a physical interface for high availability, you can only bind three physical interfaces on your ACE.
ft interface vlan 800
ip address 192.168.200.1 255.255.255.252
peer ip address 192.168.200.2 255.255.255.252
no shutdown

ft peer 1 -> Optional if you have a secondary ACE for high availability
heartbeat interval 300
heartbeat count 20
ft-interface vlan 800

ft group 2 -> Optional if you have a secondary ACE for high availability
peer 1
priority 101
peer priority 90
associate-context Admin -> Add the Admin context to ft group 2
inservice

On my next post, I will show you how to create a virtual context in the admin context.
