Cisco ACE module – a few basic admin things

3 01 2007

Just a few things I found while messing with this product:

The ACE will not run in a CatOS box. You must run IOS on at least a Sup720.

The Supervisor 720 comes with 64MB of flash on 2 x internal DIMM-type modules. The shipping software image at this time is not sufficiently high enough for the Supervisor to recognise the ACE – it will therefore remain unrecognised in the chassis and the ACE’s left-most LED will stay unlit. We used 12.2(18) SXF7.

To get the ACE to be recognised, you need a newer version of IOS than that which ships on the Supervisor . To complicate matters, even the slightest increase in IOS version requires more flash than you have, so you need to order a flash upgrade. The only other alternative is to use the CF slots on the front of the Sup. Of course the attendant risk with external CF cards is that they can be stolen, and you’d only realise when the box doesn’t come back up after an outage.
In terms of an internal Sup flash upgrade, probably the best option is part number WS-CF-UPG. This is a 512MB CF card that is installed internally on the Sup via a kind of DIMM to CF converter. See this installation note. This card appears to ship with 12.2(18)SXE5 which is sufficient to get the ACE recognised.

You can either console onto the module directly using a standard Cisco rollover cable, or you can use the session command from the Supervisor console session. The command is:

Switch#  session slot <number> processor 0

Even if you put an IP address on a new ACE module you will not be able to telnet to it by default. Therefore at initial config, the direct connection or a sesesion from the Supervisor are your only options.

The default username and password are both admin. You might want to change this using the command:

switch/Admin#  conf t
switch/Admin(config)#  username admin password <password>

Once you have an IP address on the ACE, you will still need to permit management traffic to it. All traffic is denied by default. This is accomplished by defining a class-map, a policy-map and applying a service-policy to a VLAN interface – basically MQC, but in this instance it is being used a bit like an access-list:

class-map type management match-any MGMT-PROTOCOLS
  description Match telnet, ssh and icmp
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any

policy-map type management first-match MANAGEMENT

interface vlan 10
  ip address
  service-policy input MANAGEMENT
  no shutdown



One response

2 05 2011

HI Please Visit

for more queries regarding ACE / CSS /CSM /WAAS/ DATA Centre Design / CCDP

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: