Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

FWSM system space does not replicate part of configuration

                   Hi

I have FWSM failover pair, Active/Active configuration, admin and another 4 context, few context active on first FWSM, other on second FWSM.

I needed to add  VLANs 51 and 52 to FWSM

I created VLANs on both Cat6500, created firewall vlan-group 3 a and put "firewall module1 vlan-group 3" on both cat6500

Then I log in in system space on primary FWSM and created interface VLAN.

Created VLANs automatically occured in system space on  Secondary FWSM.

Then I wanted allocate VLAN 51 and 52 to context XY, so I went to part of configuration for context XY and "allocate-interface Vlan51" and  "allocate-interface Vlan52".

But this part did not replicate to system space on Secondary FWSM, i do not know why.

I tried for expample shutdown inteface101 in system space on Primary FWSM. This action was replicated.

pnfkepolsa17# sh failover state

====My State===

Primary | Active |

====Other State===

Secondary | Standby |

====Configuration State===

       Interface config Syncing - STANDBY

       Sync Done - STANDBY

====Communication State===

       Mac set

=========Failed Reason==============

My Fail Reason:

Other Fail Reason:

pnfkepolsa17#

pnfkepolsa17# sh failover state

====My State===

Secondary | Standby |

====Other State===

Primary | Active |

====Configuration State===

       Interface config Syncing - STANDBY

       Sync Done

       Sync Done - STANDBY

====Communication State===

       Mac set

=========Failed Reason==============

My Fail Reason:

Other Fail Reason:

       Comm Failure

pnfkepolsa17#

I found this message in logg of Cat6500

000160: Jun 11 20:34:22.405: %SVCLC-5-SVCLCMULTI: Group 3 being tied to more than one module

Why is this problem?

Peter

1 REPLY
New Member

Re: FWSM system space does not replicate part of configuration

I found explanation:

Error Message    %SVCLC-5-SVCLCMULTI: Group [dec] being tied to more than one module

Explanation    The specified group is tied to multiple service modules. A group should not be associated with more than one service module unless a failover configuration is being used.

Recommended Action    If a failover configuration is in use, no action is required. Otherwise enter the show svclc module command to find out which group is being tied to more than one module. Then remove multiple associations by entering the no svclc module mod vlan-group group command.

I want to use vlan-group 3 for FWSM and for ACE module too.

which kind of failover was mentioned?

Peter

624
Views
0
Helpful
1
Replies
CreatePlease to create content