Dual core and dual IDM question

I have dual 6509 core switches in a LAN setup for core switch redundancy, and it also has an IDSM to be configured in in-line mode.

I also have 4 VLANs (A, B, C and D). Traffic to VLANs A and C is to be sent via the IDSM.

Therefore I have VLAN pairs A,B and C,D defined as VLAN pairs in the IDSM.

Traffic to VLAN A is sent to VLAN B and traffic to VLAN C is sent to VLAN D from the 6500's point of view, so that all the traffic to the protected VLANs goes through the IDSM.

Now these VLAN pairs are in parallel in the dual core switches.

Question: Assuming the first core switch is the active switch in the setup, we will assume the IDSM in the same switch is also the active one. In case of total IDSM failure, can the STP protocol figure out that traffic can still be sent to the protected VLANs via the other IDSM in the passive core switch?


Re: Dual core and dual IDM question

If the IDSM fails, spanning tree should route around the failed device. Make sure you are using CAT OS on the Sup. You need to install a physical cable between 2 ports on the same switch.

Configuring STP and MST:

When spanning-tree runs it looks for all paths between switches (or a path between 2 vlans on the same switch). It checks to see if more than one path exists to another switch (or vlan). If more than one path exists, then it will place one path in Forwarding state, and the other paths in a Blocking state.
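
A simplified model of the behaviour described in the reply above, as an added example that is not part of the original posts: each (core switch, VLAN) is treated as a bridge, the two IDSM VLAN pairs and the two inter-switch trunks as links, and spanning tree is recomputed after the first IDSM fails. The node names, bridge IDs and equal link costs are assumptions, and the model does not reproduce CatOS or IOS behaviour.

```python
import heapq

# Constructed topology (assumption): each (core switch, VLAN) is modelled as one
# bridge node; lower number = better bridge ID. Links are the two inter-switch
# trunks and the two inline IDSM VLAN pairs (A<->B) from the question.
BRIDGE_ID = {"core1-A": 1, "core1-B": 2, "core2-A": 3, "core2-B": 4}
LINKS = {
    "idsm1":   ("core1-A", "core1-B"),
    "idsm2":   ("core2-A", "core2-B"),
    "trunk-A": ("core1-A", "core2-A"),
    "trunk-B": ("core1-B", "core2-B"),
}

def spanning_tree(links, cost=1):
    """Return {link: 'forwarding' | 'blocking'} for the given live links."""
    root = min(BRIDGE_ID, key=BRIDGE_ID.get)      # lowest bridge ID is root
    best = {}                                     # node -> link toward root
    heap = [(0, 0, root, None)]  # (path cost, upstream bridge ID, node, link)
    while heap:
        dist, _, node, via = heapq.heappop(heap)
        if node in best:
            continue             # a better (cost, upstream ID) already won
        best[node] = via
        for name, (a, b) in links.items():
            if node in (a, b):
                peer = b if node == a else a
                if peer not in best:
                    heapq.heappush(heap, (dist + cost, BRIDGE_ID[node], peer, name))
    tree = set(best.values())
    # Any live link that is not on the tree would close a loop, so it blocks.
    return {n: "forwarding" if n in tree else "blocking" for n in links}

def fail(links, name):
    """Topology after a link (for example a dead IDSM) drops out."""
    return {n: ends for n, ends in links.items() if n != name}

if __name__ == "__main__":
    print("normal:      ", spanning_tree(LINKS))
    print("idsm1 failed:", spanning_tree(fail(LINKS, "idsm1")))
```

In this model the second IDSM path is blocking while both are up and moves to forwarding once `idsm1` is removed, which is the failover the question asks about.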

Re: Dual core and dual IDM question

Thanks for the reply. I have the IOS version running on the supervisor (it is a SUP720). If it is based on STP, shouldn't the IOS-based supervisor also have the same behaviour?

