FWSM interfaces down

Unanswered Question
Nov 10th, 2009


I have a problem with FWSM running version 3.2(5) on Catalyst 6506 with 12.2SXH(33)a. All the interfaces of the FWSM are in down/down state without any explicable reason. The output is in the attachment - FWSM2 is the problematic one, FWSM1 is working fine. Uptime is 16 days on both modules.

Both switches have this configuration:

firewall multiple-vlan-interfaces

firewall module 1 vlan-group 2,

firewall vlan-group 2 77-80,749,750

I have one more 6506 with FWSM both running the same versions - the module works just fine. The trunks between the two switches are up, the VLANs are in STP Forwarding State (I'm running MST btw), everything looks just fine. The more interesting thing is that I'm 99% sure this problem is reoccurring in time - it appears for a while then it disappears without any logical reason. I searched through the bug toolkit as the FWSM version is quite old but I couldn't find a bug matching this description. Anyone had a similar problem? I plan to do an upgrade tomorrow if I don't find another solution.

Kind Regards,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thegrave2000 Sat, 11/14/2009 - 04:13

I think you are referring to this feature:

VSS - Firewall Service Module (FWSM) support

This is for 6500 VSS systems and that's not my case. I have a 6509 with Sup10G and FWSM and believe me - it works.

Anyway, the problem disappeared after a restart. I realized that the FWSM was like that since that switch had a major crash 17 days ago as this was the uptime of the module and a single packet wasn't transmitted. If the problem appears again though I'll upgrade the software. Any observations on 4.x track? Is it stable, does it cause any issues with regular L2/L3 protocols?

plumbis Sat, 11/14/2009 - 10:25

The latest 4.0 code is pretty solid and also gives you more room for ACL entries due to code optimizations.

thegrave2000 Sat, 11/14/2009 - 12:13

Thanks for the information! Do you have any idea if it's necessary to upgrade the license I have for 3.2 to go to 4.x?


This Discussion