Fully redundant FW setup

Unanswered Question
Sep 20th, 2007

Hi ,

I've to configure VRRP on my Nokia IP 350 boxes. The setup should be as given below:

FW_1 - Cisco 6500 SW_1-Internet Router_1

FW_2 - Cisco 6500 SW_2-Internet Router_2

I will configuring VRRP for this on FW;s & HSRP on Cisco switches.

I've following doubts:

1. Is VRRP stateful as on routers its not?

2. Since HSRP group will be active on only 1 6500 switch and for e.g. FW_1 goes down and HSRP is active on 6500_SW_1 even though FW_2 takev over the virtual IP how will it route the traffi as its not connected to 6500 SW_1 as its conencted to 6500 SW_2. If I connect both Firewall to their respective switches and to other too then following will be scenario:

FW_1 - Cisco 6500 SW_1-Internet Router_1 (1 cable from FW_1 to SW_1)

FW_1 - Cisco 6500 SW_2-Internet Router_1 (2 cable from FW_2 to SW_2

Similary for FW_2.

But then how mac entries will be ensured for FW_2 when FW_! takes over.

Do we require some special setting on Switch? I remember something but not able to recollect.

Request to pl guide.

Reg.

YT

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vkapoor5 Wed, 09/26/2007 - 08:44

Hybrid systems with redundant supervisor/MSFC combinations can optionally have two active MSFCs in the same chassis (referred to as Dual Router Mode). In this configuration, Hot Standby Router Protocol (HSRP) is configured internally between both active MSFCs. With Cisco IOS software, the standby MSFC is not fully operational. Therefore, it is not possible to run internal HSRP between the two MSFCs. External HSRP from the Cisco Catalyst 6500 to other routers in the network is supported in either Route Processor Redundancy (RPR), Route Processor Redundancy Plus (RPR+), or non-stop forwarding with stateful switchover (NSF/SSO) mode with the Cisco IOS software.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/redund.html

Actions

This Discussion