Firewall Module with HSRP switches

abuatiya · ‎11-04-2007

Hello ,

We have implemented HSRP configuration between the core switches for 20 VLANs, as the following:

HSRP Configuration for switch 1;

Interface Vlan4

Description â€œVLAN Descriptionâ€

Ip address 192.168.8.2 255.255.255.0

Standby 5 ip 192.168.8.1

Standby 5 timer 5 15

Standby 5 preempt

!

HSRP Configuration for switch 2;

Interface Vlan4

Description â€œVLAN Descriptionâ€

Ip address 192.168.8.3 255.255.255.0

Standby 5 ip 192.168.8.1

Standby 5 timer 5 15

Standby 5 priority 50

Standby 5 preempt

Now, Only on the active core switch we have inserted a firewall Module to protect VLANs communication to each other while we dont have firewall on the standby switch. Im planning to implement firewall only on one switch if the VLAN fail the traffic will be diverted on the second switch without firewalling.

Would you please assist me on Firewall configuration when i have HSRP running as per my config.

Regards,

ebreniz · ‎11-09-2007

Your configuration is looking fine .The Firewall services module version 1.1 supports 100 VLANs and version 2.1 supports 250 VLANs. I am sending all the useful links which is related with HSRP on Cisco switch

Configuring Redundancy with HSRP on Catalyst 6500 running Hybrid Mode :

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800c65b6.html#1023113

HSRP Group Limitation on MSFC1/MSFC2 on Catalyst 6500 FAQs :

http://www.cisco.com/en/US/products/hw/switches/ps700/products_qanda_item09186a008011c6bb.shtml

Hot Standby Router Protocol (HSRP): Frequently Asked Questions :

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml

Understanding and Troubleshooting HSRP Problems in Catalyst Switch Networks :

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml