msfc and fwsm connectivity on an active/standby failover

cfajardo1_2 · ‎03-19-2008

Hello,

SCENARIO; (see attached drawing)

-2x6500

-each having FWSM

-GLBP running on the MSFC for redundancy

-FWSM running on active/standby

QUESTIONs;

- i need to run GLBP or HSRP on msfc vlan 100. In this case, do i need to run external cables as shown on the red cables on the drawing? or any suggestions please..

thanks a lot.

Jon Marshall · ‎03-19-2008

Hi

No it is all logical within the switch. So for vlan 100 you have an interface on the FWSM (inside by the looks of it) with an IP address from vlan 100 and an SVI (Switched Virtual interface) on the MSFC ie.

int vlan 100

ip address

You do not need any external cables but you will need vlan 100 across the L2 trunk between your 6500 switches.

HTH

Jon

cfajardo1_2 · ‎03-20-2008

yes i already have that...

Router#sh run int vlan 100

Building configuration...

Current configuration : 66 bytes

!

interface Vlan100

ip address 192.168.21.250 255.255.255.0

FWSM# sh run int vlan 100

!

interface Vlan100

nameif inside

security-level 100

ip address 192.168.21.254 255.255.255.0 standby 192.168.21.253

THE QUESTION IS, IF FWSM1 IS ACTIVE, THEN HOW MY MSFC2 WILL REACH FWSM1 WITHOUT TOSE EXTERNAL CABLES

Jon Marshall · ‎03-20-2008

Hi

I understand the question, honestly :-) but perhaps i am not explaining this very well.

If MSFC2 wants to send a packet to FWSM1 then it will send it across the L2 trunk between your 6500 switches. So you have to allow vlan 100 across that L2 trunk. If you don't then yes, MSFC2 will not be able to send to a packet to FWSM1.

Now you could have a second trunk link between your 2 6500 switches purely for vlan 100 but either way vlan 100 has to be allowed across a trunk between the 6500 switches or it won't work.

Jon

cfajardo1_2 · ‎03-20-2008

jon many thanks..its working now..

ive used HSRP on the vlan 100 and glbp on the users... i just dont know if theres an issue using glbp on vlan 100 actually but i realy couldnt make it work.