How to Bundle two FWSM within the Catalyst 6500 Switch to achieve 10G

Unanswered Question
Apr 27th, 2008
User Badges:

We are building a new setup, this new setup entails bundling two new firewall service modules to produce 10 Gbps.

Currently, we have two distribution switches ds03 and ds04, in each of those distribution switches , we have two FWSM and one ACE module per each Chassis.


It should be possible, but we are not sure like how we can do it, the following link describe the feature that we are looking for :


http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps4452/prod_bulletin0900aecd80630a8e_ps2706_Products_Bulletin.html



We need from you to give us the right approach like how to configure them.


Best regards,


Ismail - CCIE R&S # 18315

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sun, 04/27/2008 - 20:30
User Badges:
  • Green, 3000 points or more

Friend here are my 2 censt, Im sure you'll get more responces or at least I brough your thread question to the begining of forum.. there are so many questions at stake, you have two bad boys cores with dual fwsm modules plus ace, I say you would need to dig a little, spell out and defined the options in the design and deployment of the two cores based on where will it be deployed and traffic flows definitions of fwsm modules such as active failover architecture, active active architecture,routed mode,transparent mode, l2 trunks between cores etc.. before even jumping into configurations.


These two devices are not joke and grants to look into various scenarios to deploy them with acorrect design.


Once this is defined configuration would be much easier, here are couple of links that provides lots of information in design options to take under consideration. It also provides configuration examples.



Security product implementation

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/networking_solutions_products_genericcontent0900aecd8062a670.html



FWSM design guidance

http://www.cisco.com/en/US/netsol/ns340/ns394/ns224/ns376/networking_solutions_design_guidances_list.html



Configuration guides

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_installation_and_configuration_guides_list.html


FWSM Q&A - what to know about them

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml


last but not least - reference of inter-chassis, intra-chasis failover architecture with fwsm modules and dual cores

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/fail_f.html#wp1041883



Rgds

Jorge

conceptzone Sun, 04/27/2008 - 20:45
User Badges:

Hi Jorge,


Whenever peoples sees ACE, they start thinking with the complex scenarios that is difficult to achieve. consider ACE is not available , my problem is not in the ACE at all, this is because I have 10Gbps internal connection between the MSFC and the module, my real issue in the low bandwidth between the MSFC and the FWSM which is only 5.5 Gbps.


I want to combine the two FWSM to be one FWSM, something like stacking the catalyst 3750 when they appear as one switch.



Any NS/SEC engineer implemented this scenario in any place of the world ?


I will appreciate anyone's feedback.


Ismail



Actions

This Discussion