CSM-SSL Module Redundancy test

Unanswered Question
Oct 17th, 2007


We have two Cisco 6509 core switches (core1 and core2) with the CSM-SSL module installed in both core switches.

Redundancy is configured between the two core switches using HSRP.

My question is how to test redundancy if the CSM-SSL module in core1 is down. In that case, will the other CSM-SSL module in core2 work?

The second question is: when the first module in core1 is down, will core2 take its place, or just the CSM-SSL installed in core2?

I hope to find answers to my questions.


Jon Marshall Wed, 10/17/2007 - 23:13


You need to ensure that you have the redundant config on both switches. You can update the csm config on the 6500 switch with the following command (must be done from active ft switch).

6500# hw-module csm "slot number" standby config-sync

This will replicate the csm portion of config to the standby csm. However there is no automatic way of replicating the ssl daughtercard config so you must do this manually.

1) If you want to test redundancy between the 2 csm-s modules without taking one down then you can use the following commands

6500# sh mod csm 6 ft

SZ-JFH-F00-DTE1#sh mod csm 6 ft

FT group 1, vlan 3

This box is active <------

priority 25, heartbeat 1, failover 3, preemption is off

alternate priority 15

You need to be on the 6500 that is active for the ft group, as marked above.

6500# clear mod csm 6 ft active

This will force the csm-s to failover to the other module. This command will only work if you do not have preemption in your ft configuration. You can take preemption off temporarily just for testing if needed.

Not sure I understand the second part of your question. Do you mean the csm-s in core1 is down or core1 is down?

If csm-s in core1 is down it will failover to csm-s in core2 (with one caveat - see below).

If the whole of the core1 switch is down then core2 switch should take over including the csm-s in core2.

The caveat is the ssl daughtercard. If the ssl card fails but the csm stays up then from experience it will not failover to second module so you lose ssl services. This is a limitation of having the ssl card as a daughtercard on the csm module rather than having separate csm and SSL modules.

This was my experience last time I used these. It may have changed since, so if anybody can update it would be much appreciated.
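
A pre-check for the forced-failover test described in the answer above, as an added example that is not part of the original thread or any Cisco tooling: it parses the `sh mod csm 6 ft` output quoted in the post and reports whether `clear mod csm 6 ft active` is expected to work from this switch. The function names are hypothetical, and any state or preemption wording other than the two strings quoted in the post is an assumption and is treated as a failed check.

```python
import re

# Output lines as quoted in the post above (excerpt of `sh mod csm 6 ft`),
# including the poster's "<------" marker.
SAMPLE_FT_OUTPUT = """\
FT group 1, vlan 3
This box is active <------
priority 25, heartbeat 1, failover 3, preemption is off
alternate priority 15
"""

def parse_ft_status(text):
    """Extract the fault-tolerance fields from the FT status output."""
    status = {"active": False, "preemption": None}
    for raw in text.splitlines():
        line = raw.split("<")[0].strip()  # drop annotations such as "<------"
        m = re.match(r"FT group (\d+), vlan (\d+)", line)
        if m:
            status["group"], status["vlan"] = int(m.group(1)), int(m.group(2))
        elif line.startswith("This box is"):
            # Only the exact wording shown in the post counts as active.
            status["active"] = line == "This box is active"
        elif line.startswith("priority"):
            for key, val in re.findall(r"(priority|heartbeat|failover) (\d+)", line):
                status[key] = int(val)
            pm = re.search(r"preemption is (\w+)", line)
            status["preemption"] = pm.group(1) if pm else None
        elif line.startswith("alternate priority"):
            status["alternate_priority"] = int(line.split()[-1])
    return status

def failover_precheck(status):
    """Return (ok, reasons) for running the forced failover on this switch."""
    reasons = []
    if not status.get("active"):
        reasons.append("not the active FT peer: run the test from the active switch")
    if status.get("preemption") != "off":
        reasons.append("preemption not reported as off: forced failover will not work")
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, reasons = failover_precheck(parse_ft_status(SAMPLE_FT_OUTPUT))
    print("safe to test failover" if ok else "do not test yet: " + "; ".join(reasons))
```

Because the ssl daughtercard config is not replicated by `config-sync`, this check says nothing about whether SSL services will work after the failover; that still has to be verified by hand on the standby module.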



habeeb_talal Sat, 10/20/2007 - 02:32


Thank you very much Jon, everything is now clear. I really appreciate your help.


