FWSM Failover with OSPF router-is

b.shoresh · ‎06-06-2007

Hello.

I have two FWSMs, running in Failover Active/Standby mode. I would like to run OSPF on one of the FWSM's interface (int vlan2). I have two questions regarding that:

1) Will both FWSMs participate in the OSPF, even when the Primary is working ? I mean, will both FWSM's will be seen as ospf neighbors, and will receive/send LSAs as long as both up, or the primary FWSM will be the only one to participate in the OSPF process?

2) I have configured Failover as follows:

!

nameif vlan2 outside security0

!

ip address outside 10.235.2.1 255.255.255.240 standby 10.235.2.2

!

If both FWSMs participate in the OSPF, and I would like to configure the "router-id" for each. Which address should I take for that, assuming that I would like to use the ip address of vlan2 on both ? Should I take 10.235.2.1 as the router-id for the primary FWSM, and 10.235.2.2 for the secondary FWSM ?

Please advise,

Boaz.

codemasterscisco · ‎06-11-2007

hi,

i have two sets of 6513's (4) with fwsm (4) in active/standby mode and as far i can see the standby fwsm aren't doing anything but idle (and looking in the mirrow how beautiful they are)... so i think the standby unit will not participate. but since i don't have the same setup as yours i can't be sure.

bt

lganeva · ‎06-14-2007

Hi,

Since you configure once and configuration is replicated to the standby unit, you cannot configure different ospf router-id - this is the answer for our second question. And, of course the standb unit does not participate in OSPF. That's why if you are using some kind of TACACS+ or other auth to log-in to the device and the route to it is learned over OSPF keep in mind to put one static route to the tacacs or you won't be able to log-in into the standby device:)

And one more advice - tune your OSPF timers - when switching from primary to standby this is critical, believ me:)