Cisco Support Community
New Member

FWSM

Folks,

I have multiple 6500s and the customer wants me to set up multiple levels of redundancy for FWSM. He wants intra- and inter-chassis redundancy. So 2 FWSMs per chassis per 6500.

My question is that for intra-chassis I will use one VLAN for stateful and one VLAN for stateful information; for inter-chassis, should I use a "DIFFERENT" set of VLANs for stateful and stateful redundancy? Can anyone confirm this?

Also, how can I make sure that there is no suboptimal routing between the switches and the best design possible? Any tips or docs would be highly appreciated and I will surely rate this post.

Tarun

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: FWSM

Tarun

Not sure I fully understand. A single FWSM can only be in a failover pair with one other FWSM.

So if you have 2 FWSMs in the same chassis and these are a failover pair, then you can't pair either of these with the FWSMs in the other chassis, i.e. it's an either/or.

Either you have a failover pair in the same chassis or you have a failover pair between the chassis, but you can't have both with the same FWSMs.

Jon

4 REPLIES
New Member

Re: FWSM

Anyone willing to help.

Thanks

New Member

Re: FWSM

Jon,

Thanks for the response, it was very helpful. I have another question on failover: the doc says that once the firewall does not receive a hello response, it goes through a network interface activity test. My question is what if the network interfaces go down and the firewall is still responding on the failover interface, will this trigger a failover? Also, what is the importance of the monitor-interface command?

Hall of Fame Super Blue

Re: FWSM

Tarun

"My question is what if the network interfaces go down and the firewall is still responding on the failover interface, will this trigger a failover?"

It depends on whether you are monitoring the interface or not.

The failover link is used by the FWSMs to monitor each other's health. However, if one of the other interfaces fails but the failover link is still okay, how does the firewall know it has to fail over?

That is what the monitor-interface command is for. When you enable this on an interface, hello packets are exchanged between the same interface on each FWSM. If one of the interfaces goes down, hellos are no longer received, so the firewall can fail over.

Note I say "can" because you can configure a percentage of interfaces that must fail before the FWSM fails over.

If you are not monitoring the interface and that interface goes down the FWSM will not necessarily failover.

Jon
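A configuration sketch of the interface monitoring described in the reply above, added here as an illustration and not taken from the thread or from Cisco documentation. The interface names, VLAN IDs, addresses and the 50% threshold are assumed placeholder values.

```cisco
! Constructed example: names, VLAN IDs and addresses are placeholders.
!
! Data interfaces. Each monitored interface has a standby address so the
! two FWSMs can exchange hellos on that interface.
interface vlan 100
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
interface vlan 200
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! Dedicated failover link and state link between the two modules.
failover lan unit primary
failover lan interface fover vlan 10
failover link state vlan 11
failover interface ip fover 192.168.253.1 255.255.255.252 standby 192.168.253.2
failover interface ip state 192.168.254.1 255.255.255.252 standby 192.168.254.2
!
! Monitor the data interfaces, so the loss of "inside" or "outside" is
! detected even while the failover link itself is still up.
monitor-interface inside
monitor-interface outside
!
! Percentage of monitored interfaces that must fail before the unit
! fails over (assumed value).
failover interface-policy 50%
!
failover
```

`show failover` on either unit lists the monitored interfaces and their current state, which is the quickest check that monitoring is active on the interfaces you expect.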
