Cisco Support Community

FWSM Failover - packet drops

I have configured the FWSM for Active Active failover. 2 VLANs (VLAN 7 and VLAN 8) have been created for failover and state information to be replicated to the other unit.

Issue: Replication does not happen. Secondary switch drops VLAN packets (see output below)

Primary FWSM

FWSM# sh interface vlan 7
Interface Vlan7 "Failover", is up, line protocol is up
Hardware is EtherSVI
Description: LAN Failover Interface
MAC address 001b.53a3.b600, MTU 1500
IP address 10.0.224.41, subnet mask 255.255.255.248
Traffic Statistics for "Failover":
111 packets input, 76 bytes
1222 packets output, 147228 bytes
0 packets dropped

FWSM# sh interface vlan 8
Interface Vlan8 "Stateful", is up, line protocol is up
Hardware is EtherSVI
Description: STATE Failover Interface
MAC address 001b.53a3.b600, MTU 1500
IP address 10.0.224.49, subnet mask 255.255.255.248
Traffic Statistics for "Stateful":
12 packets input, 0 bytes
34 packets output, 3340 bytes
0 packets dropped

Secondary FWSM

FWSM# sh inter vlan 7
Interface Vlan7 "Failover", is up, line protocol is up
Hardware is EtherSVI
Description: LAN Failover Interface
MAC address 0018.7475.43c0, MTU 1500
IP address 10.0.224.42, subnet mask 255.255.255.248
Traffic Statistics for "Failover":
997 packets input, 152 bytes
1400 packets output, 150888 bytes
1410 packets dropped

FWSM# sh inter vlan 8
Interface Vlan8 "Stateful", is up, line protocol is up
Hardware is EtherSVI
Description: STATE Failover Interface
MAC address 0018.7475.43c0, MTU 1500
IP address 10.0.224.50, subnet mask 255.255.255.248
Traffic Statistics for "Stateful":
32 packets input, 136 bytes
50 packets output, 5034 bytes
1182 packets dropped

All in all, there is no communication between the VLANs on both units. Not sure what the issue is?

Regards

Vinod

1 REPLY
Re: FWSM Failover - packet drops

Failover (and that includes Stateful failover) is only supported on devices running the same exact version. A mechanism exists in failover to verify the peer's version, and if it differs from the current version, then failover is disallowed.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml
