08-31-2008 06:10 AM - edited 03-10-2019 04:16 AM
Can EtherChannel protocol be used to provide active/standby redundancy for single IDSM on two different chassis.
Rgds.
Solved! Go to Solution.
09-01-2008 07:06 PM
The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.
Regards
Farrukh
08-31-2008 07:05 PM
Please see the following PDF for more design details:
Regular ECLB assumes that all links (or IDSM interfaces) are on the same box.
Regards
Farrukh
09-01-2008 02:15 AM
From the given link, I understand that active/standby redundancy configuration is not possible for IDSM's on two different chassis. Only active/active is possible.
Secondly, please let me know whether the below configuration is for two IDSM's within same chassis or across two separate chassis.
intrusion-detection module 4 management-port access-vlan 100
intrusion-detection module 5 management-port access-vlan 100
intrusion-detection module 4 data-port 1 channel-group 5
intrusion-detection module 4 data-port 2 channel-group 6
intrusion-detection module 5 data-port 1 channel-group 5
intrusion-detection module 5 data-port 2 channel-group 6
intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208
intrusion-detection port-channel 5 trunk allowed-vlan 708
intrusion-detection port-channel 5 autostate include
intrusion-detection port-channel 5 portfast enable
intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401
intrusion-detection port-channel 6 trunk allowed-vlan 111-114
intrusion-detection port-channel 6 autostate include
intrusion-detection port-channel 6 portfast enable
Rgds.
09-01-2008 06:17 AM
You can achieve active/standby with spanning tree. You need to tell more detail about your topology to comment further.
This is for two IDSMs installed in the same chassis.
Regards
Farrukh
09-01-2008 06:25 AM
My scenario is two Cat 6500 Chassis with similar FWSM, ACE, IDSM modules in each.
Now I need to configure redundancy for the IDSM module only in each 6500 chassis.
Thanks.
09-01-2008 08:03 AM
How is your FWSM setup? MSFC Outside or MSFC inside?
Regards
Farrukh
09-01-2008 11:29 AM
MSFC is outside to the FWSM.
Thanks.
09-01-2008 07:06 PM
The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.
Regards
Farrukh
09-01-2008 07:58 PM
In short, there is no provision for independnent IDSM failover across two chassis.
Thanks.
09-02-2008 07:51 AM
To my knowledge, NO :)
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: