Cisco Support Community
New Member

FWSM failover problem - getting vlan configuration mismatch

One FWSM failed - H/W fault. A new FWSM was used to replace failed module. Since then we cannot get redundancy to work.

Could it be that one FWSM is at version 2.3(3) and the other one is at 2.3(2)? But the customer said that this difference was there even before and they did not have any problem before the H/W fault.

CFW001(config)# failover

CFW001(config)#

CFW001(config)#

CFW001#

CFW001#

Detected an Active mate

CFW001#

CFW001#

Vlan configuration mismatch

Failover will be disabled

CFW001#

CFW001#

CFW001# sh vlan

2-9, 11, 15, 17-29 , 31-33 , 37-40 , 48-50

CFW001#

CFW001# sh failover

Failover Off (pseudo-Standby)

Failover unit Secondary

Failover LAN Interface lfover Vlan 49

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 15 seconds

Interface Policy 50%

Monitored Interfaces 0 of 250 maximum

failover replication http

CFW001#

3 REPLIES
Hall of Fame Super Blue

Re: FWSM failover problem - getting vlan configuration mismatch

Hi

The times when I get a vlan configuration mismatch message is when there is a discrepancy between the vlans that have been allocated to the FWSM.

Could you confirm whether the "firewall multiple-vlan-interfaces" is present on CSW002?

If it isn't and you have 2 or more vlans that have routed interfaces on the CSW002 switch it may well decide to not allocate one of the vlans leading to a vlan mismatch.

HTH

Jon
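
One way to check for the allocation discrepancy described in the reply above, as an added example that is not part of the original thread: it parses the VLAN list that `sh vlan` prints on each FWSM and reports the VLANs present on only one unit. The function names are hypothetical and the peer's VLAN list is constructed for illustration; only the CFW001 list comes from the thread.

```python
import re

# VLAN list shown by "sh vlan" on CFW001 in the thread above.
CFW001_VLANS = "2-9, 11, 15, 17-29 , 31-33 , 37-40 , 48-50"
# Constructed peer list (not from the thread): VLAN 40 was never allocated.
PEER_VLANS = "2-9, 11, 15, 17-29 , 31-33 , 37-39 , 48-50"

def parse_vlans(text):
    """Expand a 'sh vlan' style list into a set of VLAN IDs."""
    vlans = set()
    for token in text.split(","):
        token = token.strip()
        if not token:
            continue
        m = re.fullmatch(r"(\d+)(?:\s*-\s*(\d+))?", token)
        if not m:
            raise ValueError(f"unrecognised VLAN token: {token!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi:
            raise ValueError(f"reversed VLAN range: {token!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def to_ranges(vlans):
    """Compress a set of VLAN IDs back into '2-9,11' notation."""
    parts, start, prev = [], None, None
    for v in sorted(vlans):
        if start is not None and v == prev + 1:
            prev = v
            continue
        if start is not None:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
        start = prev = v
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)

def vlan_mismatch(local, peer):
    """Return the VLANs allocated to only one of the two units."""
    a, b = parse_vlans(local), parse_vlans(peer)
    return {"only_local": to_ranges(a - b), "only_peer": to_ranges(b - a)}

if __name__ == "__main__":
    diff = vlan_mismatch(CFW001_VLANS, PEER_VLANS)
    print("only on CFW001:", diff["only_local"] or "none")
    print("only on peer:  ", diff["only_peer"] or "none")
```
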

New Member

Re: FWSM failover problem - getting vlan configuration mismatch

I believe only hitless upgrade is supported between minor versions, but they both need to be running identical software, licenses and the same VLAN configurations.

New Member

Re: FWSM failover problem - getting vlan configuration mismatch

Jon,

That was my first reaction when I looked at the two CAT6500 configs and asked the customer to have this command

firewall multiple-vlan-interfaces

in both switches.

This morning he did and the result was still the same as before. Problem is still there.

Vara,

What is hitless upgrade - any pointers / urls explaining this?
