cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
544
Views
0
Helpful
9
Replies

Redundancy for single IDSM on two separate chassis

new_networker
Level 1
Level 1

Can EtherChannel protocol be used to provide active/standby redundancy for single IDSM on two different chassis.

Rgds.

1 Accepted Solution

Accepted Solutions

The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.

Regards

Farrukh

View solution in original post

9 Replies 9

Farrukh Haroon
VIP Alumni
VIP Alumni

From the given link, I understand that active/standby redundancy configuration is not possible for IDSM's on two different chassis. Only active/active is possible.

Secondly, please let me know whether the below configuration is for two IDSM's within same chassis or across two separate chassis.

intrusion-detection module 4 management-port access-vlan 100

intrusion-detection module 5 management-port access-vlan 100

intrusion-detection module 4 data-port 1 channel-group 5

intrusion-detection module 4 data-port 2 channel-group 6

intrusion-detection module 5 data-port 1 channel-group 5

intrusion-detection module 5 data-port 2 channel-group 6

intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208

intrusion-detection port-channel 5 trunk allowed-vlan 708

intrusion-detection port-channel 5 autostate include

intrusion-detection port-channel 5 portfast enable

intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401

intrusion-detection port-channel 6 trunk allowed-vlan 111-114

intrusion-detection port-channel 6 autostate include

intrusion-detection port-channel 6 portfast enable

Rgds.

You can achieve active/standby with spanning tree. You need to tell more detail about your topology to comment further.

This is for two IDSMs installed in the same chassis.

Regards

Farrukh

My scenario is two Cat 6500 Chassis with similar FWSM, ACE, IDSM modules in each.

Now I need to configure redundancy for the IDSM module only in each 6500 chassis.

Thanks.

How is your FWSM setup? MSFC Outside or MSFC inside?

Regards

Farrukh

MSFC is outside to the FWSM.

Thanks.

The failover will be based on HOW your FWSM mac-address is learnt by the 'inside' devices. Under normal operation The PRIMARY FWSM will be active so all traffic will pass through the IDSM present on that Core Sw. When FWSM failovers all traffic will pass through the SECONDARY FWSM and the IDSM module in the second chassis.

Regards

Farrukh

In short, there is no provision for independnent IDSM failover across two chassis.

Thanks.

To my knowledge, NO :)

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: