Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Adding C2940s to C2950 Cluster over VPN Tunnel

We have a PIX 515 acting as a VPN headend for a bunch of 501's which all have 2940's behind them. I'd like to add the 2940's to a cluster of 2950's switches that are behind the 515. Is this possible? I've been trying for a long time and I've come to the conclusion that I dont think it is because: a) to add a switch to a cluster it must have CDP connectivity to the command switch; b) the PIX does not support CDP or CDP pass-thru even for a VPN tunnel; c) per the 2950 documentation concerning setting up clusters, you cannot add a CDP-enabled switch to a cluster if it is behind a non-CDP capable *CISCO* device.

Am I correct in that this is not possible?


Re: Adding C2940s to C2950 Cluster over VPN Tunnel


there is a way how to add a switch to a cluster if it is behind a non-CDP capable *CISCO* device. I did it two years ago.

You need to use cluster commander-address and cluster member commands in the member and master switch configs.

I can't remember details how to get the member switch MAC address, but I think there is either the Base MAC address used (use sh ver to get it) or you can get it by sh cluster cand or sh cluster mem on a switch (you can make the member a master temporarily to get the address).

I also remember having an IP address assigned to each switch in the cluster but I don't think it's necessary (but it's a good practice).

Generally: why are you using clusters at all?

My opinion is that the only advantage is the possibility to see several devices in one browser window.

But you can get the same functionality with CiscoView StackMaker without any problems with Cluster Management Protocol using strange IP addresses derived from the switches MAC addresses for internal communication (to identify them use debug cluster .....), these addresses are checked by http ACL, etc.

More: clusters are not supported neither by Ciscoworks nor HP OpenView.



CreatePlease login to create content