Cisco Support Community
Community Member

Performance Issue

Hi there,

Wondering if anyone can help here with an issue I have with adding a PIX standby firewall to a network design. When I configure power on the PIX firewall standby performance on the LAN drops considerably. This is notable when pinging LAN switches from the Primary PIX, receive several pings and then drops and pings again. I'm quite sure that I have the firewalls configured correctly, Primary unit Active and Standby unit Standby, would I have a possible spanning tree issues causing the performance degradation.

Note: spanning tree configuration on cwnocsw01 and cwnocsw03 are the same:

spanning-tree mode pvst

With the priority set the same for all vlan's on both switches?

i.e. spanning-tree vlan 100 priority 24576

Any tips or advise much appreciated.




Re: Performance Issue

PortFast, also known as Fast Start, is an option that informs the switch that a Layer 3 device is connected out of a switch port. The port does not wait the default 30 seconds (15 seconds to listen and 15 seconds to learn); instead, this action causes the switch to put the port into forwarding state immediately after the link comes up. It is important to understand that when you enable PortFast, spanning tree is not disabled. Spanning tree is still active on that port. When you enable PortFast, the switch is informed only that there is not another switch or hub (Layer 2-only device) connected at the other end of the link. The switch bypasses the normal 30-second delay while it attempts to determine if a Layer 2 loop results if it brings up that port. After the link is brought up, it still participates in spanning tree. The port sends out bridge packet data units (BPDUs), and the switch still listens for BPDUs on that port. For these reasons, it is recommended that you enable PortFast on any switch port that connects to a PIX.

CreatePlease to create content