Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Redundancy for single IDSM on two separate chassis

Can EtherChannel protocol be used to provide active/standby redundancy for single IDSM on two different chassis.

Rgds.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Redundancy for single IDSM on two separate chassis

The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.

Regards

Farrukh

9 REPLIES

Re: Redundancy for single IDSM on two separate chassis

New Member

Re: Redundancy for single IDSM on two separate chassis

From the given link, I understand that active/standby redundancy configuration is not possible for IDSM's on two different chassis. Only active/active is possible.

Secondly, please let me know whether the below configuration is for two IDSM's within same chassis or across two separate chassis.

intrusion-detection module 4 management-port access-vlan 100

intrusion-detection module 5 management-port access-vlan 100

intrusion-detection module 4 data-port 1 channel-group 5

intrusion-detection module 4 data-port 2 channel-group 6

intrusion-detection module 5 data-port 1 channel-group 5

intrusion-detection module 5 data-port 2 channel-group 6

intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208

intrusion-detection port-channel 5 trunk allowed-vlan 708

intrusion-detection port-channel 5 autostate include

intrusion-detection port-channel 5 portfast enable

intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401

intrusion-detection port-channel 6 trunk allowed-vlan 111-114

intrusion-detection port-channel 6 autostate include

intrusion-detection port-channel 6 portfast enable

Rgds.

Re: Redundancy for single IDSM on two separate chassis

You can achieve active/standby with spanning tree. You need to tell more detail about your topology to comment further.

This is for two IDSMs installed in the same chassis.

Regards

Farrukh

New Member

Re: Redundancy for single IDSM on two separate chassis

My scenario is two Cat 6500 Chassis with similar FWSM, ACE, IDSM modules in each.

Now I need to configure redundancy for the IDSM module only in each 6500 chassis.

Thanks.

Re: Redundancy for single IDSM on two separate chassis

How is your FWSM setup? MSFC Outside or MSFC inside?

Regards

Farrukh

New Member

Re: Redundancy for single IDSM on two separate chassis

MSFC is outside to the FWSM.

Thanks.

Re: Redundancy for single IDSM on two separate chassis

The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.

Regards

Farrukh

New Member

Re: Redundancy for single IDSM on two separate chassis

In short, there is no provision for independnent IDSM failover across two chassis.

Thanks.

Re: Redundancy for single IDSM on two separate chassis

To my knowledge, NO :)

Regards

Farrukh

242
Views
0
Helpful
9
Replies
CreatePlease login to create content