Redundancy for single IDSM on two separate chassis

Answered Question
Aug 31st, 2008
User Badges:

Can EtherChannel protocol be used to provide active/standby redundancy for single IDSM on two different chassis.


Rgds.

Correct Answer by Farrukh Haroon about 8 years 6 months ago

The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Farrukh Haroon Sun, 08/31/2008 - 19:05
User Badges:
  • Red, 2250 points or more
new_networker Mon, 09/01/2008 - 02:15
User Badges:

From the given link, I understand that active/standby redundancy configuration is not possible for IDSM's on two different chassis. Only active/active is possible.


Secondly, please let me know whether the below configuration is for two IDSM's within same chassis or across two separate chassis.


intrusion-detection module 4 management-port access-vlan 100

intrusion-detection module 5 management-port access-vlan 100

intrusion-detection module 4 data-port 1 channel-group 5

intrusion-detection module 4 data-port 2 channel-group 6

intrusion-detection module 5 data-port 1 channel-group 5

intrusion-detection module 5 data-port 2 channel-group 6

intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208

intrusion-detection port-channel 5 trunk allowed-vlan 708

intrusion-detection port-channel 5 autostate include

intrusion-detection port-channel 5 portfast enable

intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401

intrusion-detection port-channel 6 trunk allowed-vlan 111-114

intrusion-detection port-channel 6 autostate include

intrusion-detection port-channel 6 portfast enable


Rgds.

Farrukh Haroon Mon, 09/01/2008 - 06:17
User Badges:
  • Red, 2250 points or more

You can achieve active/standby with spanning tree. You need to tell more detail about your topology to comment further.


This is for two IDSMs installed in the same chassis.


Regards


Farrukh

new_networker Mon, 09/01/2008 - 06:25
User Badges:


My scenario is two Cat 6500 Chassis with similar FWSM, ACE, IDSM modules in each.


Now I need to configure redundancy for the IDSM module only in each 6500 chassis.


Thanks.

Farrukh Haroon Mon, 09/01/2008 - 08:03
User Badges:
  • Red, 2250 points or more

How is your FWSM setup? MSFC Outside or MSFC inside?


Regards


Farrukh

Correct Answer
Farrukh Haroon Mon, 09/01/2008 - 19:06
User Badges:
  • Red, 2250 points or more

The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.


Regards


Farrukh

new_networker Mon, 09/01/2008 - 19:58
User Badges:


In short, there is no provision for independnent IDSM failover across two chassis.


Thanks.

Actions

This Discussion