Getting Started Guide vA5(1.0), Cisco ACE 4700 Series Application Control Engine Appliance
Setting Up an ACE Appliance

This chapter describes how to set up a Cisco 4700 Series Application Control Engine (ACE) appliance. It includes the following major sections:

Information About Setting Up an ACE

Prerequisites for Setting Up an ACE

Default Settings

Setting Up an ACE

Where to Go Next


Note All configuration examples in this guide are based on IPv4. IPv6 is supported on the ACE appliance in software releases A5(1.0) and later. For information about configuring and using IPv6 with your ACE appliance, see Chapter 2, Overview of IPv6 in the A5(1.0) Routing and Bridging Guide, Cisco ACE Application Control Engine.


Information About Setting Up an ACE

After reading this chapter, you should have a basic understanding of how to configure an ACE appliance with the networking parameters necessary for communicating with a management device to configure server load balancing.

This chapter describes how to set up an ACE appliance using the example network setup illustrated in Figure 2-1.

Figure 2-1 Example Network Setup

The configuration of the example setup is as follows:

VLAN 1000 is assigned to the first Gigabit Ethernet port and is used for management traffic for both the Admin context and a user context.


Note A virtual local area network (VLAN) is a logical division of a computer network within which information can be transmitted for all devices to receive. VLANs enable you to segment a switched network so that devices in one VLAN do not receive information packets from devices in another VLAN.


VLAN 400 is assigned to the second Gigabit Ethernet port and is used for client-side traffic.

VLAN 500 is assigned to the third Gigabit Ethernet port and is used for server-side traffic.

None of the three Gigabit Ethernet ports used are trunked.

A management VLAN interface is configured for the Admin context with VLAN 1000 and IP address 172.25.91.110.

A management VLAN interface is configured for the user context VC_web with VLAN 1000 and IP address 172.25.91.111.

A client-side VLAN interface is configured for the user context VC_web with VLAN 400 and IP address 10.10.40.10.

A server-side VLAN interface is configured for the user context VC_web with VLAN 500 and IP address 10.10.50.1.

Four web servers are available to the ACE for load-balancing client requests.


Prerequisites for Setting Up an ACE

Setting up an ACE has the following prerequisites:

Complete the ACE installation instructions as described in the Hardware Installation Guide, Cisco ACE 4710 Application Control Engine Appliance.

Contact your network administrator to determine which VLANs and addresses are available for use by the ACE.

Setting up the ACE has the following requirements:

Terminal—The terminal that you use to communicate with the ACE must contain a terminal communications application, such as HyperTerminal for Windows, and be configured as follows:

Asynchronous transmission

9600 baud

8 data bits

1 stop bit

No parity

Cable—The cable that connects the terminal to the ACE must meet the following requirements:

Serial cable with an RJ-45 connector

Cable type—Rollover serial cable to connect the ACE to a DTE device

For instructions on connecting a console cable to your ACE, see the Hardware Installation Guide, Cisco ACE 4710 Application Control Engine Appliance.

Default Settings

Table 2-1 lists the default settings for the ACE setup parameters.

Table 2-1 Default Setup Parameters

Parameter: User accounts
Default: Administrator account, username: admin / password: admin; XML interface account, username: www / password: admin

Parameter: Host name
Default: switch

Parameter: Inactivity timeout
Default: 5 minutes

Parameter: Gigabit Ethernet port, port mode, and management VLAN parameters when using the ACE setup script
Default:

Management VLAN allocated to the specified Ethernet port.

VLAN 1000 assigned as the management VLAN interface.

GigabitEthernet port mode configured as VLAN access port.

Extended IP access list that allows IP traffic originating from any other host addresses.

Traffic classification (class map and policy map) created for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated for connectivity with the Device Manager GUI.

VLAN interface configured on the ACE and a policy map assigned to the VLAN interface.


Setting Up an ACE

This section includes the following topics:

Establishing a Console Connection on the ACE

Enabling Management Connectivity Using the Setup Script

Assigning a Name to the ACE

Setting Up an ACE Appliance Using the Device Manager GUI

Setting Up an ACE Appliance Using the CLI

After some initial setup using the CLI, you can complete the procedures in this chapter using the Device Manager GUI.

Establishing a Console Connection on the ACE

This section describes how to establish a direct serial connection between your terminal or a PC and the ACE by making a serial connection to the console port on the rear panel of the ACE. The ACE has one standard RS-232 serial port found on the rear panel that operates as the console port.

Prerequisites

This setup procedure requires a properly configured terminal and cable as described in the "Prerequisites for Setting Up an ACE" section.

If the appliance is not on, press the power button on the front of the ACE to start the boot process. See the Hardware Installation Guide, Cisco ACE 4710 Application Control Engine Appliance for details.

For more instructions on connecting a console cable to your ACE appliance, see the Hardware Installation Guide, Cisco ACE 4710 Application Control Engine Appliance.

Restrictions

Only the Admin context is accessible through the console port; all other contexts can be reached through Telnet or SSH sessions.

Detailed Steps

Follow these steps to access the ACE using a direct serial connection:


Step 1 Connect the serial cable between the ACE and the terminal and then use any terminal communications application to access the ACE CLI. This procedure uses HyperTerminal for Windows.

Step 2 Launch HyperTerminal. The Connection Description window appears.

Step 3 Enter a name for your session in the Name field.

Step 4 Click OK. The Connect To window appears.

Step 5 From the drop-down list, choose the COM port to which the device is connected.

Step 6 Click OK. The Port Properties window appears.

Step 7 Set the following port properties:

Baud Rate = 9600

Data Bits = 8

Flow Control = none

Parity = none

Stop Bits = 1

Step 8 Click OK to connect.

Step 9 Press Enter to access the CLI prompt.

switch login: 
 
   


What to Do Next

When the login prompt displays, proceed with the following tasks:

Once a session is created, choose Save As from the File menu to save the connection description. Saving the connection description has the following two advantages:

The next time that you launch HyperTerminal, the session is listed as an option under Start > Programs > Accessories > HyperTerminal > Name_of_session. This option lets you reach the CLI prompt directly without going through the configuration steps.

You can connect your cable to a different device without configuring a new HyperTerminal session. If you use this option, make sure that you connect to the same port on the new device as was configured in the saved HyperTerminal session. Otherwise, a blank screen appears without a prompt.

If this is the first time that you are booting the ACE, see the "Enabling Management Connectivity Using the Setup Script" section.

If this is not the first time that you are booting the ACE, see the "Logging in to the ACE" section for information about logging in and entering the configuration mode to configure the ACE.

Enabling Management Connectivity Using the Setup Script

This section describes how to use the setup script to simplify connectivity to the Device Manager GUI. When you boot the ACE for the first time and the ACE does not detect a startup-configuration file, a setup script guides you through the process of configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports.

After running the setup script, the management VLAN is allocated to the specified Gigabit Ethernet port and the VLAN interface is configured on the ACE, as illustrated in Figure 2-2.

Figure 2-2 Configuration After the Setup Script is Executed


Note The script configuration process described in this section is identical to the script configuration process performed using the setup CLI command.


Detailed Steps

Configure the ACE using the setup script by following these steps:


Step 1 At the login prompt, log into the ACE by entering the login username admin and password. By default, the username and password are admin. For example, enter:

Starting sysmgr processes.. Please wait...Done!!!
 
   
switch login: admin
Password: admin
 
   

Step 2 At the Enter the new password for "admin": prompt, change the default Admin password. If you do not change the default Admin password, after you upgrade the ACE software you will only be able to log in to the ACE through the console port.

 
   
Enter the new password for "admin": xxxxx
Confirm the new password for "admin": xxxxx
admin user password successfully changed.
 
   

Step 3 At the Enter the new password for "www": prompt, change the default www user password. If you do not change the default www user password, the www user will be disabled and you will not be able to use Extensible Markup Language (XML) to remotely configure an ACE until you change the default www user password.

Enter the new password for "www": xxxxx
Confirm the new password for "www": xxxxx
www user password successfully changed.
 
   
This script will perform the configuration necessary for a user to manage the ACE 
Appliance using the ACE Device Manager. The management port is a designated Ethernet port 
which has access to the same network as your management tools including the ACE Device 
Manager. You will be prompted for the Port Number, IP Address, Netmask and Default Route 
(optional).
 
   
Enter `ctrl-c' at any time to quit the script
 
   

Caution At this point, you should consider whether you plan to configure the ACE using the Device Manager GUI or using the CLI. If you have a trunking network setup, or if your VLAN 1000 is already in use, you should bypass the following setup script and use the CLI as described in the "Setting Up an ACE Appliance Using the CLI" section.

Step 4 At the "Would you like to enter the basic configuration dialog? (yes/no)" prompt, press Enter to continue the setup. To bypass setup and directly access the CLI, type no.

Would you like to enter the basic configuration dialog? (yes/no) [y]:
 
   

Note The ACE provides a default response in brackets [ ] for each question in the setup script. Accept the default response to a configuration prompt by pressing Enter.


Step 5 Select port 1 to carry management VLAN communication by pressing Enter.

Enter the Ethernet port number to be used as the management port (1-4):? [1]:
 
   

Step 6 Assign an IP address for the management VLAN interface by entering 172.25.91.110.

Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 172.25.91.110
 
   

Step 7 Accept the default subnet mask for the management VLAN interface by pressing Enter.

Enter the management port Netmask(n.n.n.n): [255.255.255.0]:
 
   

Step 8 Assign the IP address of the gateway router (the next-hop address for this route) by entering 172.25.91.1.

Enter the default route next hop IP Address (n.n.n.n) or <enter> to skip this step: 
172.25.91.1
 
   

Step 9 Examine the entered values.

Summary of entered values: 
 
   
Management Port: 1
Ip address 172.25.91.110
Netmask: 255.255.255.0
Default Route: 172.25.91.1
 
   

Step 10 Review the configuration details by entering d.

Submit the configuration including security settings to the ACE Appliance? 
(yes/no/details): [y]: d
 
   
interface gigabitEthernet 1/3
  switchport access vlan 1000
  no shut
access-list ALL extended permit ip any any
class-map type management match-any remote_access
  match protocol xml-https any
  match protocol dm-telnet any
  match protocol icmp any
  match protocol telnet any
  match protocol ssh any
  match protocol http any
  match protocol https any
  match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 1000
  ip address 172.25.91.110 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
ssh key rsa
ip route 0.0.0.0 0.0.0.0 172.25.91.1
 
   

Step 11 Accept this configuration by pressing Enter (for Yes); otherwise, enter n.

Submit the configuration including security settings to the ACE Appliance? 
(yes/no/details): [y]:
 
   

Step 12 After you press Enter to accept the configuration, the following message appears.

Configuration successfully applied. You can now manage this ACE Appliance by entering the 
url 'https://172.25.91.110' into a web browser to access the Device Manager GUI.
 
   

After you have completed the setup script, the command prompt appears.

switch/Admin#
 
   

After you specify a Gigabit Ethernet port, port mode, and management VLAN, the setup script automatically applies the following default configuration:

A Management VLAN is allocated to the specified Ethernet port.

An extended IP access list is created that allows IP traffic originating from any other host addresses.

A traffic classification is created for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated to connectivity with the Device Manager GUI.

A VLAN interface is configured on the ACE.


Assigning a Name to the ACE

The hostname is used for the command-line prompts and default configuration filenames. When you establish sessions to multiple devices, the hostname helps you to keep track of the ACE on which you are entering commands. By default, the hostname for the ACE is "switch."

Assign a name to the ACE by following these steps:


Step 1 Enter configuration mode.

switch/Admin# config
switch/Admin(config)#
 
   

Step 2 Change the hostname from "switch" to "host1."

switch/Admin(config)# hostname host1
host1/Admin(config)#
 
   

Step 3 (Optional) Copy the running-configuration file to the startup-configuration file. Note that the do command allows you to enter Exec mode commands in any configuration mode.

host1/Admin(config)# do copy running-config startup-config

Setting Up an ACE Appliance Using the Device Manager GUI

You can set up an ACE appliance using the Device Manager GUI or the CLI. This section describes how to set up an ACE using the GUI, and includes the following topics:

Logging in to the Device Manager GUI

Configuring a Second Gigabit Ethernet Interface Port

Configuring a Third Gigabit Ethernet Interface Port

Logging in to the Device Manager GUI

You can access the ACE Device Manager GUI through a web-based interface. Log in to the Device Manager by following these steps:


Step 1 Navigate to the ACE Device Manager by entering the secure HTTPS address or hostname of the ACE in the address field of a web browser. For the example setup shown earlier in Figure 2-1, enter:

https://172.25.91.110/
 
   

Step 2 Click Yes at the prompt to accept (trust) and install the signed certificate from Cisco Systems, Inc. To avoid having to approve the signed certificate every time you log in to the Device Manager, accept the certificate.

The Device Manager GUI Login window appears (Figure 2-3).

Figure 2-3 Device Manager GUI Login Window

Step 3 In the User Name field, type admin for the admin user account.

Step 4 In the Password field, type the new password that you entered in Step 2 in "Enabling Management Connectivity Using the Setup Script."

Step 5 Click Login. When you log in, the default page that appears is the Device Manager GUI Homepage (Figure 2-4).

Figure 2-4 Device Manager GUI Homepage


Configuring a Second Gigabit Ethernet Interface Port

You can configure a second Gigabit Ethernet interface port to connect to clients. For the example configuration, you will configure Gigabit Ethernet interface port 2 as illustrated in Figure 2-5 (previously configured settings are grayed out).

Figure 2-5 Configuring a Second Gigabit Ethernet Interface Port to Connect to Clients

Configure a second Gigabit Ethernet port by following these steps:


Step 1 Choose Config > Virtual Contexts > Network > GigabitEthernet Interfaces. The GigabitEthernet Interfaces pane appears.


Note Only users authenticated in the Admin context can configure the Gigabit Ethernet interface ports.


Step 2 In the GigabitEthernet Interfaces pane, choose gigabitEthernet 1/2, and then click Edit to define attributes for the port. The Physical Interfaces window appears.

Step 3 Enter the following attributes for port 2. Leave the remaining attributes blank or with their default values.

Description: Client-side

Admin Status: Up

Speed: Auto

Port Operation Mode: Switch Port

Switch Port Type: Access

Access VLAN: 400

Step 4 Click Deploy Now to save these settings and to return to the GigabitEthernet Interfaces pane.


Configuring a Third Gigabit Ethernet Interface Port

You can configure a third Gigabit Ethernet interface port to connect to the servers. For the example configuration, you will configure Gigabit Ethernet interface port 3 as illustrated in Figure 2-6 (previously configured settings are grayed out).

Figure 2-6 Configuring a Third Gigabit Ethernet Interface Port to Connect to the Servers

Configure a third Gigabit Ethernet port by following these steps:


Step 1 In the GigabitEthernet Interfaces pane, choose gigabitEthernet 1/3, and then click Edit to define attributes for the port. The GigabitEthernet Interfaces window appears.

Step 2 Enter the following attributes for port 3. Leave the remaining attributes blank or with their default values.

Description: Server-side

Admin Status: Up

Speed: Auto

Port Operation Mode: Switch Port

Switch Port Type: Access

Access VLAN: 500

Step 3 Click Deploy Now to save these settings and to return to the GigabitEthernet Interfaces pane.


Setting Up an ACE Appliance Using the CLI

You can set up an ACE appliance using the Device Manager GUI or the CLI. This section describes how to set up an ACE using the CLI, and includes the following topics:

Logging in to the ACE

Configuring the First Gigabit Ethernet Port

Allocating the First Gigabit Ethernet Port to a VLAN

Configuring a Management VLAN Interface on the ACE

Configuring a Second Gigabit Ethernet Interface Port

Configuring a Third Gigabit Ethernet Interface Port

Configuring Remote Management Access to the ACE

Accessing the ACE through a Telnet Session

Logging in to the ACE

After you have established a direct serial connection between the ACE and your terminal or a PC (see the "Establishing a Console Connection on the ACE" section), you can set up the ACE using the CLI.

When the setup script displays the "Would you like to enter the basic configuration dialog? (yes/no):" prompt, enter no to access the CLI. Log in to the ACE by following these steps:


Step 1 At the login prompt, enter admin. For the password, type the new password that you entered in Step 2 in the "Enabling Management Connectivity Using the Setup Script" section.

host1 login: admin
Password: xxxxx
 
   

You are ready to use the ACE CLI when the following prompt appears.

host1/Admin#
 
   

Step 2 Set the terminal session-timeout command to 0 to prevent this current session from timing out. By default, a session on the ACE is automatically logged out after 5 minutes of inactivity.

host1/Admin# terminal session-timeout 0
host1/Admin#
 
   

Configuring the First Gigabit Ethernet Port

You can configure a Gigabit Ethernet interface port for the ACE management traffic. For the example configuration, you will configure Gigabit Ethernet interface port 1. Configure the first Gigabit Ethernet port by following these steps:


Step 1 Configure a Layer 2 Gigabit Ethernet port on the ACE by using the interface gigabitEthernet slot_number/port_number command in configuration mode.


Note The slot_number specifies the physical slot on the ACE that contains the Ethernet ports. For the current release of the ACE appliance, this selection is always 1.


Configure Gigabit Ethernet port 1 and enter interface configuration mode by entering:

host1/Admin# config
host1/Admin(config)# interface gigabitEthernet 1/1
host1/Admin(config-if)#
 
   

Step 2 Enable the Gigabit Ethernet port by using the no shutdown command in interface configuration mode. Disable a running Gigabit Ethernet port by using the shutdown command; bring one up by using the no shutdown command.

host1/Admin(config-if)# no shutdown
 
   

Step 3 Display the configuration of the interface by using the do command with the show interface command.

host1/Admin(config-if)# do show interface gigabitEthernet 1/1
 
   

Allocating the First Gigabit Ethernet Port to a VLAN

After you configure a Gigabit Ethernet port, the next step is to allocate it to a VLAN. For the example configuration, you will allocate the first Gigabit Ethernet port to VLAN 1000, as illustrated in Figure 2-7 (previously configured settings are grayed out).

Figure 2-7 Allocating the First Gigabit Ethernet Port to a VLAN

Allocate the port to a VLAN by following these steps:


Step 1 Assign one or more VLAN numbers to the Gigabit Ethernet port by using the switchport access vlan vlan_list command in interface configuration mode. The vlan_list argument can include:

A single VLAN number

Beginning and ending VLAN numbers separated by a hyphen

Specific VLAN numbers separated by commas

Valid entries are 1 through 4094. Do not enter any spaces in a hyphenated range or in a comma-separated list of numbers in the vlan_list argument.


Note You can associate a VLAN number with only one Gigabit Ethernet port.


Add VLAN 1000 to the defined list of VLANs currently set for Gigabit Ethernet port 1 by entering:

host1/Admin(config)# interface gigabitEthernet 1/1
host1/Admin(config-if)# switchport access vlan 1000
 
   

Step 2 Enable VLAN access for the specified Layer 2 Gigabit Ethernet port by using the no shutdown command in interface configuration mode.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)#
 
   

Configuring a Management VLAN Interface on the ACE

You can provide management connectivity to the ACE by assigning an IP address to the VLAN interface on the ACE. For the example configuration, you will assign an IP address 172.25.91.110 and a subnet mask of 255.255.255.0 to VLAN 1000, as illustrated in Figure 2-8 (previously configured settings are grayed out).

Figure 2-8 Configuring a Management VLAN Interface on the ACE

Configure a VLAN interface on the ACE by following these steps:


Step 1 Access interface configuration mode for the VLAN 1000.

host1/Admin(config)# interface vlan 1000
host1/Admin(config-if)#
 
   

Step 2 Assign an IP address of 172.25.91.110 and a subnet mask of 255.255.255.0 to the VLAN interface for management connectivity.

host1/Admin(config-if)# ip address 172.25.91.110 255.255.255.0 
 
   

Step 3 (Optional) Provide a description for the interface.

host1/Admin(config-if)# description Management connectivity on VLAN 1000
 
   

Step 4 Enable the VLAN interface.

host1/Admin(config-if)# no shutdown
 
   

Step 5 Display the configuration of VLAN 1000.

host1/Admin(config-if)# do show interface vlan 1000
 
   

Step 6 Verify network connectivity by using the ping command. This command verifies the connectivity of a remote host or server by sending echo messages from the ACE.

host1/Admin(config-if)# do ping 172.25.91.110
 
   

Step 7 Exit the interface configuration mode.

host1/Admin(config-if)# exit
host1/Admin(config)#
 
   

Configuring a Second Gigabit Ethernet Interface Port

You can configure a second Gigabit Ethernet interface port to connect to clients. For the example configuration, you will configure Gigabit Ethernet interface port 2 as illustrated in Figure 2-5. Configure the second Gigabit Ethernet Interface port by following these steps:


Step 1 Add VLAN 400 to the defined list of VLANs currently set for Gigabit Ethernet port 2.

host1/Admin(config)# interface gigabitEthernet 1/2
host1/Admin(config-if)# switchport access vlan 400 
 
   

Step 2 Enable the Gigabit Ethernet port.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)#
 
   

Configuring a Third Gigabit Ethernet Interface Port

You can configure a third Gigabit Ethernet interface port to connect to the servers. For the example configuration, you will configure Gigabit Ethernet interface port 3 as illustrated in Figure 2-6. Configure the third Gigabit Ethernet Interface port by following these steps:


Step 1 Add VLAN 500 to the defined list of VLANs currently set for Gigabit Ethernet port 3.

host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)# switchport access vlan 500
 
   

Step 2 Enable the Ethernet port.

host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)#
 
   

Configuring Remote Management Access to the ACE

Before remote network access can occur on the ACE through an Ethernet port, you must create a traffic policy that identifies the network management traffic that can be received by the ACE. Configure remote management access to the ACE by following these steps:


Step 1 Create a management-type class map named REMOTE_ACCESS with the match-any keyword, so that traffic matching any one of its match statements is classified.

host1/Admin(config)# class-map type management match-any REMOTE_ACCESS
host1/Admin(config-cmap-mgmt)#
 
   

Step 2 (Optional) Provide a description for the class map.

host1/Admin(config-cmap-mgmt)# description Remote access traffic match
 
   

Step 3 Configure the match protocol to permit traffic based on the SSH, Telnet, and ICMP protocols for any source address.

host1/Admin(config-cmap-mgmt)# match protocol ssh any
host1/Admin(config-cmap-mgmt)# match protocol telnet any
host1/Admin(config-cmap-mgmt)# match protocol icmp any
host1/Admin(config-cmap-mgmt)# exit
host1/Admin(config)#
 
   

Step 4 Create a REMOTE_MGMT_ALLOW_POLICY policy map for traffic destined to an ACE interface.

host1/Admin(config)# policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
host1/Admin(config-pmap-mgmt)#
 
   

Step 5 Apply the previously created REMOTE_ACCESS class map to this policy.

host1/Admin(config-pmap-mgmt)# class REMOTE_ACCESS
host1/Admin(config-pmap-mgmt-c)#
 
   

Step 6 Allow the ACE to receive the configured class map management protocols.

host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# exit
host1/Admin(config)#
 
   

Step 7 Access interface configuration mode for the VLAN to which you want to apply the policy map.

host1/Admin(config)# interface vlan 1000
host1/Admin(config-if)#
 
   

Step 8 Apply the REMOTE_MGMT_ALLOW_POLICY policy map to the interface.

host1/Admin(config-if)# service-policy input REMOTE_MGMT_ALLOW_POLICY
 
   

Step 9 Display the REMOTE_MGMT_ALLOW_POLICY policy applied to the interface.

host1/Admin(config-if)# do show service-policy REMOTE_MGMT_ALLOW_POLICY
 
   
Status     : ACTIVE
-----------------------------------------
Interface: vlan 1000
  service-policy: REMOTE_MGMT_ALLOW_POLICY
 
   

Step 10 Save your configuration changes from the running configuration to the startup configuration.

host1/Admin(config-if)# do copy running-config startup-config
 
   
Generating configuration....
running config of context VC_web saved
 
   
host1/Admin(config-if)# exit
host1/Admin(config)# exit
 
   

Step 11 Display the running configuration.

host1/Admin# show running-config
 
   
Generating configuration....
 
   
class-map type management match-any REMOTE_ACCESS
  description Remote access traffic match
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
 
   
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit
 
   
interface vlan 1000
  description Management connectivity on VLAN 1000
  ip address 172.25.91.110 255.255.255.0
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
interface vlan 400
  description client connectivity on VLAN 400
  ip address 10.10.40.10 255.255.255.0
  no shutdown
 
   

Accessing the ACE through a Telnet Session

After you have completed the previous configurations, you can use Telnet to access the ACE through an Ethernet port by using its IP address. Access the ACE through Telnet by following these steps:


Step 1 Initiate a Telnet session from a remote host to the ACE. For example, access the ACE from the VLAN IP address of 172.25.91.110 by entering:

remote_host# telnet 172.25.91.110
 
   
Trying 172.25.91.110... Open
 
   

Step 2 At the prompt, log in to the ACE. Enter admin as the user name and for the password, type the new password that you entered in Step 2 in the "Enabling Management Connectivity Using the Setup Script" section.

host1 login: admin
Password: xxxxx
 
   

Step 3 Display the Telnet session.

host1/Admin# show telnet
 
   

Where to Go Next

In this chapter, you have set up your ACE so that you can use the ACE Device Manager or CLI to perform server load-balancing configuration tasks through a remote management interface. Next, you will create a user context for server load balancing.