Question in regard to management VLAN for each Context in ACE module

Dear Pros,
I know this will be a simple questions to answer, and I have searched the forum, but I am not able to find the answer I need.
1) Does the ACE module require an Management IP address for each Context? Should the same VLAN be applied to each context, with larger size subnet to supply host address?
2) If it does require that, what IP address should I used for default route in each context.
I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.
Each ACE module will have 3 seperate Context, for a total of 4 including the Admin.
Any suggestions or if you can point me to location as always will be greatly apprecaited.
Thanks and best regards.
Raman Azizian

Hi,
you have several options to choose from.
1. Use Admin context for management
You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.
+ Easy and straightforward
- snmp and syslog are using the ip from each individual context and not the management IP
2. Use a Large subnet and assign an IP address in each context for management.
You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.
+ each context has its own managment address
- static routes need to be added
3. Use your client-side ip address (or BVI) as management address.
You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.
+ no static routes needed
- inline management
Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.
If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.
HTH,
Dario

Similar Messages

  • Configuring Management VLAN for standalone Nexus 5k

    Hi All,
    The architecture in the attachment doesnt require redundancy and hence has a single N5k with N2k as FEX. The setup is working fine except for the management vlan and mgmt 0 interface being down.
    As of now, mgmt0 interface has no link connected to it. The VLAN for nexus management is also down as mgmt0 cant be assigned to vlans.. Configuring management IP to Loopback interface also doesnt allow adding the same to management vlan.
    Is mgmt0 an RJ45 compatible port with N5596? and is there a way I can have out of band management for Nexus 5596? Is there a way I can assign a management IP to the FEX?
    Thanks for the inputs.
    Thanks,
    Bala S

    Hello Balachandhar,
    Mgmt interface on N5K exists to provide out of band management to the device.
    Mgmt interface belongs to management vrf. You can reach the N5K on mgmt interface once you configure IP to mgmt interface and connect it to upstream switch port belonging to mgmt vlan.
    The FEX cannot be seperately managed. You need to connect to the parent N5K device and manage it.
    HTH
    Padma

  • Management VLAN for Catalyst 3524

    Hi,
    I'm currently using VLAN30 as my management VLAN (172.16.xxx.xxx) and would like to use VLAN20 for the management VLAN. After configuring VLAN20 as my management VLAN, the changes didn't get updated in the running-config. The IOS commands used are:
    config t
    int vlan 20
    ip address 149.199.xxx.xxx 255.255.252.0
    no shutdown

    Hi Ankur,
    This switch is in VTP client mode. When I did a show vlan, the output is as follows. VLAN 20 is already active.
    VLAN Name Status
    1 default active
    20 core-network active
    When I did a sh ip int brief, the output is as follows:
    VLAN1 unassigned YES manual up
    VLAN20 149.xx.xx.xx YES manual deleted
    VLAN30 172.xx.xx.xx YES manual up
    The VLAN 20 showed as deleted. I think this was because I issued the no int vlan 20 command as shown below:
    config t
    int vlan 20
    ip address 149.xx.xx.xx.255.255.255.0 (For setting it as the management VLAN)
    no int vlan 20
    How do I set VLAN20 as the Management VLAN again?
    What is the difference between the following:
    i) int vlan 20
    shutdown
    ii) no int vlan 20

  • This is regarding printing vertical lines for each and every field

    Hi to all.....
    1....Hi
    here is a requirement
    i want to print vertical lines and horizontal lines for each and every field in the output of a report.Here i want to see the output just like table i.e i want to draw line after each field.
                             suppose if the output list contains just 10 records, then the vertical line must end for 10 records.how to draw vertical lines for this requirement.
    thanks and regards,
    k.swaminath

    Hi
    In report you can use
    sy-uline for horizontal line
    sy-vline for vertical lines.
    Check this sample report
    DATA: BEGIN OF USR_TABL OCCURS 0.
    INCLUDE STRUCTURE UINFO.
    DATA: END OF USR_TABL.
    DATA: L_LENGTH TYPE I,
    T_ABAPLIST LIKE ABAPLIST OCCURS 0 WITH HEADER LINE, BEGIN OF T_USER OCCURS 0, COUNTER TYPE I, SELECTION TYPE C, MANDT LIKE SY-MANDT, BNAME LIKE SY-UNAME, NAME_FIRST LIKE V_ADRP_CP-NAME_FIRST, NAME_LAST LIKE V_ADRP_CP-NAME_LAST, DEPARTMENT LIKE V_ADRP_CP-DEPARTMENT, TEL_NUMBER LIKE V_ADRP_CP-TEL_NUMBER, END OF T_USER, L_CLIENT LIKE SY-MANDT, L_USERID LIKE UINFO-BNAME, L_OPCODE TYPE X, L_FUNCT_CODE(1) TYPE C, L_TEST(200) TYPE C.
    L_OPCODE = 2.
    CALL ‘ThUsrInfo’ ID ‘OPCODE’ FIELD L_OPCODE
    ID ‘TAB’ FIELD USR_TABL-*SYS*.
    CLEAR T_USER. REFRESH T_USER.
    LOOP AT USR_TABL.
    T_USER-MANDT = USR_TABL-MANDT. T_USER-BNAME = USR_TABL-BNAME. APPEND T_USER.
    ENDLOOP.
    SORT T_USER.
    DELETE ADJACENT DUPLICATES FROM T_USER.
    LOOP AT T_USER.
    T_USER-COUNTER = SY-TABIX. SELECT V~NAME_FIRST V~NAME_LAST V~DEPARTMENT V~TEL_NUMBER INTO (T_USER-NAME_FIRST, T_USER-NAME_LAST, T_USER-DEPARTMENT, T_USER-TEL_NUMBER) FROM USR21 AS U JOIN V_ADRP_CP AS V ON U~PERSNUMBER = V~PERSNUMBER AND U~ADDRNUMBER = V~ADDRNUMBER WHERE U~BNAME = T_USER-BNAME. ENDSELECT. MODIFY T_USER.
    ENDLOOP.
    SORT T_USER BY NAME_LAST NAME_FIRST.
    PERFORM DISPLAY_LIST.
    TOP-OF-PAGE.
    PERFORM DISPLAY_MENU.
        * End of top-of-page
    TOP-OF-PAGE DURING LINE-SELECTION.
    PERFORM DISPLAY_MENU.
        * End of top-of-page during line-selection
    AT LINE-SELECTION.
    IF SY-CUROW = 2. IF SY-CUCOL < 19. T_USER-SELECTION = ‘X’. MODIFY T_USER TRANSPORTING SELECTION WHERE SELECTION = ‘’. PERFORM DISPLAY_LIST. ELSEIF SY-CUCOL < 36. CLEAR T_USER-SELECTION. MODIFY T_USER TRANSPORTING SELECTION WHERE SELECTION = ‘X’. PERFORM DISPLAY_LIST. ELSEIF SY-CUCOL < 50. PERFORM TRANSFER_SELECTION. PERFORM POPUP_MSG. ELSEIF SY-CUCOL < 67. PERFORM TRANSFER_SELECTION. SORT T_USER BY NAME_LAST. PERFORM DISPLAY_LIST. ELSEIF SY-CUCOL < 81. PERFORM TRANSFER_SELECTION. SORT T_USER BY NAME_FIRST. PERFORM DISPLAY_LIST. ELSEIF SY-CUCOL < 93. PERFORM TRANSFER_SELECTION. SORT T_USER BY MANDT. PERFORM DISPLAY_LIST. ENDIF. ENDIF.
        * End of line-selection
    *& Form DISPLAY_LIST
    FORM DISPLAY_LIST.
    SY-LSIND = 0.
    FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
    LOOP AT T_USER.
    WRITE: / SY-VLINE, T_USER-SELECTION AS CHECKBOX, SY-VLINE, T_USER-MANDT, SY-VLINE, T_USER-BNAME, SY-VLINE, T_USER-NAME_FIRST(15), SY-VLINE, T_USER-NAME_LAST(15), SY-VLINE, T_USER-DEPARTMENT, SY-VLINE, T_USER-TEL_NUMBER(20), SY-VLINE. HIDE: T_USER-COUNTER, T_USER-SELECTION.
    ENDLOOP.
    FORMAT COLOR OFF.
    WRITE: /(108) SY-ULINE.
    ENDFORM. ” DISPLAY_LIST
    *& Form DISPLAY_MENU
    FORM DISPLAY_MENU.
    FORMAT COLOR COL_HEADING HOTSPOT. WRITE: (91) SY-ULINE, / SY-VLINE NO-GAP, (4) ICON_SELECT_ALL NO-GAP, ‘Select All’, SY-VLINE NO-GAP, (4) ICON_DESELECT_ALL NO-GAP, ‘Deselect All’, SY-VLINE NO-GAP, (4) ICON_SHORT_MESSAGE NO-GAP, ‘Send Popup’, SY-VLINE NO-GAP, (4) ICON_SORT_UP NO-GAP, ‘Last Name’ NO-GAP, SY-VLINE NO-GAP, (4) ICON_SORT_UP NO-GAP, ‘First Name’ NO-GAP, SY-VLINE NO-GAP, (4) ICON_SORT_UP NO-GAP, ‘Client’ NO-GAP, SY-VLINE, /(91) SY-ULINE, /(108) SY-ULINE. FORMAT HOTSPOT OFF. WRITE: / SY-VLINE, ’ ‘, SY-VLINE, ‘Cli’, SY-VLINE, ‘User ‘, SY-VLINE, ‘First Name ‘, SY-VLINE, ‘Last Name ‘, SY-VLINE, ‘Department ‘, SY-VLINE, ‘Telephone ‘, SY-VLINE, /(108) SY-ULINE. FORMAT COLOR OFF.
    ENDFORM. ” DISPLAY_MENU
    *& Form TRANSFER_SELECTION
    FORM TRANSFER_SELECTION.
    DO. READ LINE SY-INDEX FIELD VALUE T_USER-SELECTION. IF SY-SUBRC <> 0. EXIT. ENDIF. MODIFY T_USER TRANSPORTING SELECTION WHERE COUNTER = T_USER-COUNTER. ENDDO. CLEAR T_USER.
    ENDFORM. ” TRANSFER_SELECTION
    *& Form POPUP_MSG
    FORM POPUP_MSG.
    DATA: L_MSG LIKE SM04DIC-POPUPMSG VALUE ‘Experimental Message’, L_LEN TYPE I, L_RET TYPE C. LOOP AT T_USER WHERE SELECTION = ‘X’. PERFORM GET_MESSAGE CHANGING L_MSG L_RET. EXIT. ENDLOOP. IF L_RET = ‘A’. “User cancelled the message EXIT. ENDIF.
        * Get the message text
    L_LEN = STRLEN. LOOP AT T_USER WHERE SELECTION = ‘X’. CALL FUNCTION ‘TH_POPUP’ EXPORTING CLIENT = T_USER-MANDT USER = T_USER-BNAME MESSAGE = L_MSG MESSAGE_LEN = L_LENGTH
        * CUT_BLANKS = ’ ’
    EXCEPTIONS USER_NOT_FOUND = 1 OTHERS = 2. IF SY-SUBRC <> 0. WRITE: ‘User ‘, T_USER-BNAME, ‘not found.’. ENDIF. ENDLOOP. IF SY-SUBRC <> 0.
        * Big error! No user has been selected.
    MESSAGE ID ‘AT’ TYPE ‘E’ NUMBER ‘315’ WITH ‘No user selected!’. EXIT. ENDIF.
    ENDFORM. ” POPUP_MSG
    *& Form GET_MESSAGE
    FORM GET_MESSAGE CHANGING P_L_MSG LIKE SM04DIC-POPUPMSG
    P_RETURNCODE TYPE C.
    DATA: BEGIN OF FIELDS OCCURS 1. INCLUDE STRUCTURE SVAL.
    DATA: END OF FIELDS, RETURNCODE TYPE C.
    FIELDS-TABNAME = ‘SM04DIC’.
    FIELDS-FIELDNAME = ‘POPUPMSG’.
    FIELDS-FIELDTEXT = ‘Message :’. CONCATENATE ’ – Msg from’ SY-UNAME ‘.’ INTO FIELDS-VALUE SEPARATED BY ’ ‘. APPEND FIELDS.
    CALL FUNCTION ‘POPUP_GET_VALUES’
    EXPORTING POPUP_TITLE = ‘Supply the popup message’
    IMPORTING RETURNCODE = P_RETURNCODE
    TABLES FIELDS = FIELDS.
    IF P_RETURNCODE = ‘A’.
    EXIT.
    ELSE.
    READ TABLE FIELDS INDEX 1.
    P_L_MSG = FIELDS-VALUE.
    ENDIF.
    ENDFORM. ” GET_MESSAGE
    *—End of Program
    Regards
    Pavan

  • Graphical mapping question - need to create 2 nodes for each record

    The mapping is from flat to nested, i.e. flat file to FIDCC2 idoc. Each record has to go to 2 repeated IDoc segments, each one with different posting key. Right now, I have it working for each record to a segment(for one segment) by using splitByValue (value change). How can I repeat the creation of another but with slightly different constant.
    Also, how do I add line numbers? I remember seeing a posting on this a while ago - cannot locate it.
    Will be Rewarded WELL.
    Thanks,
    Pam

    Hi, Pam
    Using the following example to store it as global variable
    SetParameter from GloabalContainer:
    container.getGlobalContainer ().setParameter ("COUNTER", "0");
    GetParameter from GloabalContainer:
    String myCounter = (String) container.getGlobalContainer().getParameter ("COUNTER");
    When you map to your constant, store it in global variable, then you map other field, get current global variable, check its value, based on the value, you do proper mapping.
    Hope it helps
    Liang

  • SAS Token failed with 403 error while generating for each request using ARR module

    Hi,
    We are doing an e-Learning application, which plays a course on the browser (inside a div control). The course contains list of static contents such as html, js, css etc., and media files .mp4. We are hosting the static contents (.html, .js, .css etc) into
    Azure blob storage and media files into Media Service and CDN.
    When user triggers to take a course, the browser first request the Web Role with landing page (Ex: FirstPage.html) and with Course Unique Id - Ex:
    https://cloudservice1.cloudapp.net/course/courseid/firstpage.html. We have written a custom ARR Module (http://www.iis.net/learn/extensions/url-rewrite-module/developing-a-custom-rewrite-provider-for-url-rewrite-module),
    which receives the request, parse it and generate blob storage url with SAS token using C# code for each file. Then route to blob storage. (we have already passing storage account details to ARR Module using Web.config)
    For single user, the course plays fine. But we do the load testing with > 400 user load (with 5 instances), we are getting many 403 errors (and not all files). If the load is less than 200, we don’t get such issue.
    Also, we are using REST code to generate the SAS token. When the SAS token expiration time extending more than 60 min, getting error “Access without signed identifier cannot have time window more than 1 hour”. As the code is exist in ARR Module, unable to
    refer the Storage Client assembly. This 60 min time interval is for each file request – so there could not be an issue on expiration, but feeling this might be an issue?
    Can you please point me what could be the issue and how to solve this. Is the ARR Module caching the SAS token and providing the same even after the expiration time?
    Many Thanks, Thirumalai M

    hi,
    There is a similar thread (http://stackoverflow.com/a/17572316 ), I recommend you could refer to it.
    And I'd like to know how to set the expiry time in your code, and you could see this page (http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
    Regards,
    Will
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • I have a question in regards to spyware / keylogger for my MacBook Pro. My employer recently asked for my MacBook to "make sure it running smoothly" I currently have no issues. I haven't yet gave it to them. How can I tell if keylogger/spyware added?

    so I havent gave them my MacBook yet but I highly suspect they will be adding keylogger or spyware of some sort. It there a easy way to help me tell if they have added something before i hand it over to them so I can't tell what they have done?

    If the computer is owned by your employer, not by you, then you should use it as it's given to you. Use it only for work, not for anything personal. Don't have any expectation of privacy while using it. Don't connect it to your home network. Assume that a keylogger or any other kind of monitoring software is installed.

  • Slow TCP performance for traffic routed by ACE module

    Hi,
    the customer uses two ACE20 modules in active-standby mode. The ACE load-balances servers correctly. But there is a problem with communication between servers in the different ACE contexts. When the customer uses FTP from one server in one context to the other server in other context the throughput through ACE is about 23 Mbps. It is routed traffic in ACE:-(  See:
    server1: / #ftp server2
    Connected to server2.cent.priv.
    220 server2.cent.priv FTP server (Version 4.2 Wed Apr 2 15:38:27 CDT 2008) ready.
    Name (server2:root):
    331 Password required for root.
    Password:
    230 User root logged in.
    ftp> bin
    200 Type set to I.
    ftp> put "|dd if=/dev/zero bs=32k count=5000 " /dev/null
    200 PORT command successful.
    150 Opening data connection for /dev/null.
    5000+0 records in.
    5000+0 records out.
    226 Transfer complete.
    163840000 bytes sent in 6.612 seconds (2.42e+04 Kbytes/s)
    local: |dd if=/dev/zero bs=32k count=5000  remote: /dev/null
    ftp>
    The output from show resource usage doesn't show any drops:
    conc-connections              0          0     800000    1600000          0
      mgmt-connections             10         54      10000      20000          0
      proxy-connections             0          0     104858     209716          0
      xlates                        0          0     104858     209716          0
      bandwidth                     0      46228   50000000  225000000          0
        throughput                  0       1155   50000000  100000000          0
        mgmt-traffic rate           0      45073          0  125000000          0
      connections rate              0          9     100000     200000          0
      ssl-connections rate          0          0        500       1000          0
      mac-miss rate                 0          0        200        400          0
      inspect-conn rate             0          0        600       1200          0
      acl-memory                 7064       7064    7082352   14168883          0
      sticky                        6          6     419430          0          0
      regexp                       47         47     104858     209715          0
      syslog buffer            794624     794624     418816     431104          0
      syslog rate                   0         31      10000      20000          0
    There is parameter map configured with rebalance persistant for cookie insertion in the context.
    Do you know how can I increase performance for TCP traffic which is not load-balanced, but routed by ACE? Thank you very much.
    Roman

    Default inactivity timeouts used by ACE are
    icmp 2sec
    tcp 3600sec
    udp 120sec
    With your config you will change inactivity for every protocol to 7500sec.If you want to change TCP timeout to 7500sec and keep the
    other inactivity timeouts as they are now use following
    parameter-map type connection GLOBAL-TCP
    set timeout inactivity 600
    parameter-map type connection GLOBAL-UDP
    set timeout inactivity 120
    parameter-map type connection GLOBAL-ICMP
    set timeout inactivity 2
    class-map match-all ALL-TCP
    match port tcp any
    class-map match-all ALL-UDP
    match port tcp any
    class-map match-all ALL-ICMP
    match port tcp any
    policy-map multi-match TIMEOUTS
    class ALL-TCP
    connection advanced GLOBAL-TCP
    class ALL-UDP
    connection advanced GLOBAL-UDP
    class ALL-TCP
    connection advanced GLOBAL-ICMP
    and apply service-policy TIMEOUTS globally
    Syed Iftekhar Ahmed

  • One Managed Bean for a set of pages

    Can I have one Managed Bean (request scope) for a set of pages using Creator? Or should I have one Managed Bean for each page?
    Thanks in advance,
    Juan

    Hi,
    Please take a look at the following threads:
    http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=51481
    http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54165
    http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=51912
    Hope this hepls
    Regards,
    Rk.

  • Wireless AP Management VLAN and BVIs

    Hi All,
    I've been looking around and I can't find a solution to what I am trying to achieve and I was hoping the community may have had more luck than I have.
    I'm looking to have my management VLAN for my AP setup as a tagged BVI but I'm struggling to get it setup. I can set it up fine using BVI1 and having it just accessed on the native VLAN but I see this as a security flaw, I don't really want direct access into my management network on the switch.
    Now there may be a better way of preventing this but I am, at least compared to many, still fairly new to Cisco and this seems to be the best approach. Please see below for my current config, hopefully you can let me know where I am going wrong.
    Also, as a note, at the moment I am mainly focusing on the management security of the AP before I check the wifi config, hence the radios still being shutdown so there may also be small errors in this. I have also removed some elements which are not relevant.
    version 15.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP01
    no ip source-route
    no ip cef
    dot11 syslog
    dot11 ssid <Guest secure network SSID>
       vlan 30
       authentication open
       authentication key-management wpa version 2
       guest-mode
       wpa-psk ascii <key>
    dot11 ssid <Internal Secure SSID>
       vlan 10
       authentication open
       authentication key-management wpa version 2
       wpa-psk ascii <key>
    ip ssh version 2
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     shutdown
     encryption vlan 10 mode ciphers aes-ccm tkip
     encryption vlan 30 mode ciphers aes-ccm tkip
     ssid <Guest secure network SSID>
     ssid <Internal Secure SSID>
     antenna gain 0
     packet retries 64 drop-packet
     channel 2437
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 port-protected
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio0.10
     encapsulation dot1Q 10
     no ip route-cache
     bridge-group 10
     bridge-group 10 subscriber-loop-control
     bridge-group 10 spanning-disabled
     bridge-group 10 block-unknown-source
     no bridge-group 10 source-learning
     no bridge-group 10 unicast-flooding
    interface Dot11Radio0.30
     encapsulation dot1Q 30
     no ip route-cache
     bridge-group 30
     bridge-group 30 subscriber-loop-control
     bridge-group 30 spanning-disabled
     bridge-group 30 block-unknown-source
     no bridge-group 30 source-learning
     no bridge-group 30 unicast-flooding
    interface Dot11Radio1
     no ip address
     no ip route-cache
     shutdown
     encryption vlan 10 mode ciphers aes-ccm tkip
     encryption vlan 30 mode ciphers aes-ccm tkip
     ssid <Guest secure network SSID>
     ssid <Internal Secure SSID>
     antenna gain 0
     peakdetect
     no dfs band block
     packet retries 64 drop-packet
     channel dfs
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 port-protected
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio1.10
     encapsulation dot1Q 10
     no ip route-cache
     bridge-group 10
     bridge-group 10 subscriber-loop-control
     bridge-group 10 spanning-disabled
     bridge-group 10 block-unknown-source
     no bridge-group 10 source-learning
     no bridge-group 10 unicast-flooding
    interface Dot11Radio1.30
     encapsulation dot1Q 30
     no ip route-cache
     bridge-group 30
     bridge-group 30 subscriber-loop-control
     bridge-group 30 spanning-disabled
     bridge-group 30 block-unknown-source
     no bridge-group 30 source-learning
     no bridge-group 30 unicast-flooding
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     no keepalive
    interface GigabitEthernet0.10
     encapsulation dot1Q 10
     no ip route-cache
     bridge-group 10
     bridge-group 10 spanning-disabled
     no bridge-group 10 source-learning
    interface GigabitEthernet0.30
     encapsulation dot1Q 30
     no ip route-cache
     bridge-group 30
     bridge-group 30 spanning-disabled
     no bridge-group 30 source-learning
    interface GigabitEthernet0.100
     encapsulation dot1Q 100
     no ip route-cache
     bridge-group 100
     bridge-group 100 spanning-disabled
     no bridge-group 100 source-learning
    interface GigabitEthernet0.101
     encapsulation dot1Q 999 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface BVI1
     no ip address
     no ip route-cache
     shutdown
    interface BVI100
     mac-address <Actual ethernet address>
     ip address 10.33.100.101 255.255.255.0
     no ip route-cache
    ip default-gateway 10.33.100.254
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    bridge 100 protocol ieee
    bridge 100 route ip
    line con 0
     logging synchronous
    line vty 0 4
     transport input ssh
    end
    As you can see I am using BVI100 as the management VLAN for the device and BVI1 is shutdown with vlan 999/int gi0/101 holding bridge group 1.
    With this setup I can't get any IP communication, send or receive but I can see the MAC address on the switch in the MAC address table on vlan100. There is also no entries in the ARP table of the AP.
    The switch is setup with vlan 999 untagged and vlans 10,30,100 as tagged.
    Hope you can help! Thanks for any advice in advanced.
    Many thanks,
    Martin.

    Yea that would work and I have set it up like this without issue but I'm trying to limit access to the management VLAN, I don't want someone to be able to plug directly into the switch and be on the same broadcast domain as alll of the other equipment.
    There are otherways of achieving this but I felt like I was so close with the above config but I was just missing something.

  • Boadcast control in management vlan

    Hi...
    I faced a problem where the management vlan was down due to exessive broadcast caused by some fiber uplink going bad.
    I can use udld but not sure whether it can be used where the uplink is UTP.
    I am thinkung of having several mamangement vlans, instead o keeping all my switches in a single one.
    Is that a good practise? Any other ideas?
    Thanks.

    You can enable UDLD with UTP. Creating multiple management VLANs depends on how much broadcast traffic is there within that vlan under normal circumstances, how many nodes are in the vlan, how many trunks are there, are there any hubs in use and a few other factors. It doesn't hurt to create another management vlan for management and the reason why many networks out there just have one management vlan is for simplification.
    Pls. rate all helpful posts.
    --Sundar

  • Managment VLAN 1

    Hi Everyone,
    I m working with a leading ISP in India.The issue is that our engineering team has come up with the plan of migrating all management vlans for metro and other switches to vlan1.Presently we are using spearate vlans for management.Somethig like below.
    Aggregation router#show runn inter gi0/2.137
    Building configuration...
    Current configuration : 250 bytes
    interface GigabitEthernet0/2.137
    description Connectivity for ABC
    encapsulation dot1Q 137
    ip address 203.154.26.97 255.255.255.240
    ip policy route-map ABC
    no cdp enable
    end
    Switch 1 end:(2950)
    interface Vlan137
    ip address 203.154.26.101 255.255.255.240
    no ip route-cache
    ip default-gateway 203.154.26.97
    switch 2:(2950)
    interface Vlan137
    ip address 203.154.26.103 255.255.255.240
    no ip route-cache
    ip default-gateway 203.154.26.97
    The router inter gi0/3 is connected to the trunk port on summit switch and a wireless device provides connectivity to the switch 1 and further another oen to switch 2.
    The entire pasth is on layer 2.
    Please suggest as to how can i migrate to mgmt vlan 1.
    Can it be something like
    inter gi0/2.1
    encapsulation dot1q 1
    ip addres
    since 2950s dont support more thane one active mgmt vlan wat can be the best way of migration???

    This is a tricky proposition. Best way you mean without getting disconnected, right? Cause when you start to change the mgmt interface via telnet, you are risking of getting disconnected once the mgmt inteface is change. for example, you know that there can only be one active interface vlan on 2950 for mgmt purpose. If you are changing the interface vlan from vlan 237 to vlan 1, if they will have the same ip address, you'll have to shut down one of them. Let's say you are able to do that, then how will you bring up the other interface with getting disconnected? remember you are telneted in. the best way will be to console in when you make changes on the mgmt vlan. You'll probably have to walk to the switch anyway if you made the change via telnet. changing the mgmt vlan will not affect the switch's ability to switch packets.

  • "for each" loop - under the hood question

    Question about the for each loop. Is it optomized? I think this is a poor use of memory management -
    for (int i = 0; i < stop; i++) {
    Object obj = new Object();
    doSomething(obj);
    }And this is the ideal, using the same object -
    Object obj = new Object();
    for (int i = 0; i < stop; i++) {
    doSomething(obj);
    }So underneath the hood, which is the for each loop comparable to? I love the syntax, it's very clean-looking in the code, but at the same time I don't want to hurt performance.

    Question about the for each loop. Is it optomized? I
    think this is a poor use of memory management -
    for (int i = 0; i < stop; i++) {
    Object obj = new Object();
    doSomething(obj);
    }And this is the ideal, using the same object -
    Object obj = new Object();
    for (int i = 0; i < stop; i++) {
    doSomething(obj);
    }So underneath the hood, which is the for each loop
    comparable to? I love the syntax, it's very
    clean-looking in the code, but at the same time I
    don't want to hurt performance.That depends on YOU. You CANNOT write a for-each loop for the code you provided. A for-each loop requires an Iterable. (I think that's what it requires--it at least requires something to iterate over, not just an index variable as you have.)
    Consider the following, however:
    Object o1 = new Object();
    for (Foo foo : fooList) {
        Object o2 = new Object();
         foo.doStuff(o1, o2);
    } It will be equivalent to this:Object o1 = new Object();
    for (Iterator iter = foo.iterator(); iter.hasNext();) {
        Foo foo = (Foo)iter.next();
        Object o2 = new Object();
        foo.doStuf(o1, o2);
    } How could it be any different? It has to keep the behvior of the "old fashioned" iteration.

  • Have a Question regarding RTP Manager?

    Please SomeBody Tell me!
    I am Creating an RTP Player for Each New Receive Stream using RTP Manager.
    I have some question::
    What is the role of SourceDescription in initialize(SessionAddress[] local,Source
    Descritpion[] source,double d,double d,EncryptionInfo encry)?
    Is there any role of AddTarget(SessionAddress dest) nedeed in my application?

    What is the role of SourceDescription in initialize(SessionAddress[] local,Source
    Descritpion[] source,double d,double d,EncryptionInfo encry)?From the API:
    sourceDescription - An array of SourceDescription objects  containing information to send in RTCP SDES packets for the local participant.  This information  can be changed by calling setSourceDescription() on the local Participant object.
    So, source description is used to tell the remote participants things about the sender.
    Is there any role of AddTarget(SessionAddress dest) nedeed in my application?AddTarget tells the RTPManager where to send the RTP streams, so if you expect anyone to receive your streams, you damned well better add them as a target.

  • Is it possible to use management Vlan as FT Vlan for ACE4710?

    Is it allowed to configure ACE4710 management vlan as a FT vlan between two appliances? If allowed, what's the consequence of not using a dedicated FT Vlan?
    Thanks a lot

    You should not have any other traffic on the dedicated FT vlan.
    This is from the docs.
    Note Do not use this dedicated VLAN for any other network traffic, including HSRP and data
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/administration/guide/redundcy.html#wp999787
    Having any other traffic on this vlan could cause a problem with FT heart beats being dropped, and both ACE could become active. Definitely use a dedicated FT Vlan.
    Regards
    Jim

Maybe you are looking for

  • MIDI Loops & Loop Browser

    Does anyone know if MIDI loops can be manually added to the Loop Browser?

  • When I open iTunes it keeps trying to download a previously downloaded purchase.

    When I open iTunes with my iPhone attached to the computer, my computer keeps trying to download "Downton Abbey" Episode 3 Season 1, which locks up the computer for hourws. I have already downloaded this season, including this episode, syched it to t

  • Newbie question (I think you can answer me)

    Hello. I am a newbie about EJB. But I am teacher of a Java course and I have introduced EJB to my students. I have said them that EJB is good for big applications but, when the application is small, is overkill (I read this in several books). But the

  • Static list from table depending on user type

    All i have a table where i define users and their roles, and i want to setup a static list that would display something like the following, but i want to filter depending on the users role so if the user is lets say part of dev then i want them to se

  • Override hashCode() method

    hi, I'm writing a very simple hashCode() function (3different way), which uses 2 string to calculate the hashCode, it looks somethings like this: 1)... public int hashCode() { str1 = "abc"; //Can be replaced by any string str2 = "cde"; //Can be repla