Cisco Support Community

fwsm and a dmz zone

Hi guys, I'm starting to configure the failover functionality between two 6509 switches with a fwsm in both. I just had a hypothetical question.

Here's the scenario:

Connected to both of these 6509 switches I have a 3560 acting as a dmz zone. I have a link between the 3560 and both of the 6509 switches. I configured a vlan for this dmz. This vlan is being used by both of the fwsm's as one of the interfaces. I configured failover so that if one interface fails then the fwsm as a whole fails. I then configured the fwsm's to monitor the dmz interface.

My question is what happens to the fwsm's if the dmz (3560) switch stops passing traffic and dies?

Both fwsm's will detect the dmz vlan as down. Will the active fwsm fail over to the standby even though the standby fwsm will be considered failed as well since its dmz vlan is also down?

Will this put both fwsm's in the failed state and prevent either one from passing legitimate traffic?

Thanks for any light somebody can shed on this for me.


Re: fwsm and a dmz zone

With software release 8.3(1) and later releases, in redundant systems, the integrated 720-Gbps switch fabric supports a high-availability failover to the standby switch fabric. High availability must be enabled for the failover to work (enter the set system highavailability enable command).