FWSM Failover with OSPF router-is

Unanswered Question
Jun 6th, 2007
User Badges:


I have two FWSMs, running in Failover Active/Standby mode. I would like to run OSPF on one of the FWSM's interface (int vlan2). I have two questions regarding that:

1) Will both FWSMs participate in the OSPF, even when the Primary is working ? I mean, will both FWSM's will be seen as ospf neighbors, and will receive/send LSAs as long as both up, or the primary FWSM will be the only one to participate in the OSPF process?

2) I have configured Failover as follows:


nameif vlan2 outside security0


ip address outside standby


If both FWSMs participate in the OSPF, and I would like to configure the "router-id" for each. Which address should I take for that, assuming that I would like to use the ip address of vlan2 on both ? Should I take as the router-id for the primary FWSM, and for the secondary FWSM ?

Please advise,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
codemasterscisco Mon, 06/11/2007 - 08:31
User Badges:


i have two sets of 6513's (4) with fwsm (4) in active/standby mode and as far i can see the standby fwsm aren't doing anything but idle (and looking in the mirrow how beautiful they are)... so i think the standby unit will not participate. but since i don't have the same setup as yours i can't be sure.


lganeva Thu, 06/14/2007 - 11:28
User Badges:


Since you configure once and configuration is replicated to the standby unit, you cannot configure different ospf router-id - this is the answer for our second question. And, of course the standb unit does not participate in OSPF. That's why if you are using some kind of TACACS+ or other auth to log-in to the device and the route to it is learned over OSPF keep in mind to put one static route to the tacacs or you won't be able to log-in into the standby device:)

And one more advice - tune your OSPF timers - when switching from primary to standby this is critical, believ me:)


This Discussion