Firewall Module with Confiugured HSRP switches

Unanswered Question
Nov 4th, 2007

Hello ,

We have implemented HSRP configuration between the core switches for 20 VLANs, as the following:

HSRP Configuration for switch 1;

Interface Vlan4

Description “VLAN Description”

Ip address 192.168.8.2 255.255.255.0

Standby 5 ip 192.168.8.1

Standby 5 timer 5 15

Standby 5 preempt

!

HSRP Configuration for switch 2;

Interface Vlan4

Description “VLAN Description”

Ip address 192.168.8.3 255.255.255.0

Standby 5 ip 192.168.8.1

Standby 5 timer 5 15

Standby 5 priority 50

Standby 5 preempt

Now, Only on the active core switch we have inserted a firewall Module to protect VLANs communication to each other while we dont have firewall on the standby switch. Im planning to implement firewall only on one switch if the VLAN fail the traffic will be diverted on the second switch without firewalling.

Would you please assist me on Firewall configuration when i have HSRP running as per my config.

Regards,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bwilmoth Fri, 11/09/2007 - 11:50

HSRP provides two servicesIP redundancy and a Virtual IP (VIP) address. Each HSRP group may provide either or both of these services. Cisco IOS firewall stateful failover uses the IP redundancy services from only one HSRP standby group. It can use the VIP address from one or more HSRP groups. Use the following task to configure HSRP on the outside and inside interfaces of the router.

http://cisco.com/en/US/products/ps6441/products_feature_guide09186a00806106ea.html#wp1149287

Actions

This Discussion