Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

CSM configuration question

Customer wasnt current CSM config changed:


Customer's request is to make all requests go to real server and if that server is down only then send all requests to backup server But if server comes back online then start sending all requests back to and not use



1. I think I have to put the two servers in VLAN 110 and not VLAN 12 and use the CSM in bridge mode by giving the same IP addresses of for client VLAN 12 and server VLAN 110. Right?

2. There are two CAT 6500 with a CSM in each in Fault Tolerant Mode already configured and running and now need the above config changes added. Do I need to configure both CSM manually or if I configure one CSM will the other copy the config automatically.

3. I need to add VLAN 12 and VLAN 110 to Switch VLAN DATABASE, but not add VLAN 12 or VLAN 110 to the MSFC2 or should I only add VLAN 12 to MSFC2 and not VLAN 110.

4.Do new firewall rules need to be created for the two new server real IP addresses or VIP or non change required to the Firewall Rules.

4. What are some useful troubleshooting commands I can see if this doesn't work ? -

show module csm x connection detail, etc.

New Member

Re: CSM configuration question

Config of other CSM

Hall of Fame Super Blue

Re: CSM configuration question

1 & 3) The servers will go into vlan 110. You need to create this vlan on the switch but there is not a routed interface for it.

The client vlan (vlan 12) will need a routed interface however it is not clear from your diagram where this should be. You will need to create vlan 12 on the switch as well. If you are putting a firewall in front of this vlan which it seems you are from your diagram then the routed interface for vlan 12 will be on the firewall not the MSFC. If you put it on the MSFC you will simply route round the firewall - probably not what you want.

2) Version 4.1(1) does not seem to support the command "hw-module csm 'slot no" standby config-sync" (worth checking tho). Looks like this was brought in on version 4.2. Without this command yes you will have to manually copy the config.

4) if you are not allowing through http ( assuming it is http) to the VIP already yes you will need a new firewall rule. That will allow application traffic. If you need direct access to the servers for management etc. then you will need to add in rules for those as well.

5) sh mod csm x reals

sh mod csm x vservers.

sh mod csm x ft

sh mod csm x conn


CreatePlease to create content