12-14

User

Guide

for

the

Cisco

Application

Networking

Manager

5.2

OL-26572-01

Chapter

12

Configuring

Network

Access

Configuring

Virtual

Context

VLAN

Interfaces

Secondary

IP

Groups

Option

that

is

available

only

for

the

ACE

module

A2(3.0),

ACE

appliance

A4(1.0),

and

later

releases

of

both

device

types.

This

option

displays

only

when

Interface

Type

is

set

to

Routed.

The

number

of

secondary

IP

groups

that

you

can

enter

for

a

VLAN

depends

on

the

ACE

release

as

fo

llows:

•

ACE

module

A2(3.0)

and

ACE

appliance

A4(1.0)—Up

to

4

secondary

IP

groups.

•

ACE

module

A2(3.1)

and

later—Up

to

15

sec

ondary

IP

gro

ups.

The

IP,

alias

IP,

and

peer

IP

addresses

of

each

Secondary

IP

group

should

be

in

the

same

subnet.

Note

You

cannot

configure

secondary

IP

addresses

on

FT

VLANs.

To

create

secondary

IP

gro

ups

for

the

VLAN,

do

t

he

following:

a.

Define

one

or

more

of

the

following

secondary

IP

address

types:

–

IP—Secondary

IP

address

assigned

to

this

interface.The

primary

address

must

be

active

for

the

secondary

address

to

be

active.

–

AliasIP—Secondary

IP

address

of

the

alias

associated

with

this

interface.

–

PeerIP—Secondary

IP

ad

dress

of

t

he

remote

peer.

–

Netmask—Secondary

subnet

mask

to

be

used.

The

ACE

has

a

system

limit

of

1,024

for

each

secondary

IP

address

type.

b.

Click

Add

to

selection

(right

arrow)

to

add

the

gr

oup

to

the

gr

oup

display

ar

ea.

c.

Repeat

the

first

two

st

eps

for

each

additional

group.

d.

(Optional)

Rearrange

the

order

in

which

the

groups

are

listed

by

selecting

one

of

the

group

listings

in

the

group

display

area

and

click

either

Move

item

up

in

list

(up

arrow)

or

Move

item

down

in

list

(down

arrow).

Note

that

the

ACE

does

not

care

what

order

the

groups

are

in.

e.

(Optional)

Edit

a

group

or

remove

it

from

the

list

by

selecting

the

desired

group

in

the

group

display

area

and

click

Remove

from

selection

(left

arrow).

Input

Policies

Policy

map

that

is

associated

with

this

VLAN

interface.

From

the

Available

list,

double-click

a

policy

map

name

or

use

the

right

arrow

to

move

it

to

the

Selected

list.

This

policy

map

is

to

be

applied

to

the

inbound

direction

of

the

interface;

that

is,

all

traffic

received

by

this

interface.

If

you

choose

more

than

one

pol

icy

map,

use

the

Up

and

Down

ar

rows

to

choose

t

he

priority

of

the

policy

map

in

the

Selected

list.

These

arrows

modify

the

order

of

the

policy

maps

for

new

VLANs

only;

they

do

not

modify

t

he

policy

map

order

when

editing

an

existing

pol

icy

map.

Input

Access

Group

ACL

input

access

group

to

be

associated

with

this

VLAN

interface.

From

the

Available

list,

double-click

an

ACL

name

or

use

the

right

arrow

to

move

it

to

the

Selected

list.

Any

ACL

group

listed

in

the

Selected

list

specifies

that

this

access

group

is

to

be

applied

to

the

inbound

direction

of

the

interface.

Output

Access

Group

ACL

output

access

group

that

is

associated

with

this

VLAN

interface.

From

the

Available

list,

double-click

an

ACL

name

or

use

the

right

arrow

to

move

it

to

the

Selected

list.

Any

ACL

group

listed

in

the

Selected

list

specifies

that

this

access

group

is

to

be

applied

to

the

outbound

direction

of

the

interface;

that

is,

all

traffic

sent

by

this

interface.

Table

12-1

VLAN

Interface

Attributes

(continued)

Field

Description