msfc and fwsm connectivity on an active/standby failover

Unanswered Question
Mar 19th, 2008

Hello,


SCENARIO; (see attached drawing)

-2x6500

-each having FWSM

-GLBP running on the MSFC for redundancy

-FWSM running on active/standby


QUESTIONs;

- i need to run GLBP or HSRP on msfc vlan 100. In this case, do i need to run external cables as shown on the red cables on the drawing? or any suggestions please..


thanks a lot.





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Wed, 03/19/2008 - 08:25

Hi


No it is all logical within the switch. So for vlan 100 you have an interface on the FWSM (inside by the looks of it) with an IP address from vlan 100 and an SVI (Switched Virtual interface) on the MSFC ie.


int vlan 100

ip address


You do not need any external cables but you will need vlan 100 across the L2 trunk between your 6500 switches.


HTH


Jon

cfajardo1_2 Thu, 03/20/2008 - 02:47

yes i already have that...


Router#sh run int vlan 100

Building configuration...


Current configuration : 66 bytes

!

interface Vlan100

ip address 192.168.21.250 255.255.255.0


FWSM# sh run int vlan 100

!

interface Vlan100

nameif inside

security-level 100

ip address 192.168.21.254 255.255.255.0 standby 192.168.21.253


THE QUESTION IS, IF FWSM1 IS ACTIVE, THEN HOW MY MSFC2 WILL REACH FWSM1 WITHOUT TOSE EXTERNAL CABLES


Jon Marshall Thu, 03/20/2008 - 02:58

Hi


I understand the question, honestly :-) but perhaps i am not explaining this very well.


If MSFC2 wants to send a packet to FWSM1 then it will send it across the L2 trunk between your 6500 switches. So you have to allow vlan 100 across that L2 trunk. If you don't then yes, MSFC2 will not be able to send to a packet to FWSM1.


Now you could have a second trunk link between your 2 6500 switches purely for vlan 100 but either way vlan 100 has to be allowed across a trunk between the 6500 switches or it won't work.


Jon

cfajardo1_2 Thu, 03/20/2008 - 05:20

jon many thanks..its working now..


ive used HSRP on the vlan 100 and glbp on the users... i just dont know if theres an issue using glbp on vlan 100 actually but i realy couldnt make it work.


Actions

This Discussion