Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3 interfaces in port channel for inter fwsm HA

all sample config ive seen for FWSM interswitch failover config shows using 3 interfaces in port channel mode...

any reason why this is usually 3?

3 REPLIES
Bronze

Re: 3 interfaces in port channel for inter fwsm HA

New Member

Re: 3 interfaces in port channel for inter fwsm HA

FROM THE LINK YOUVE GIVEN, THEY ARE ALSO SHOWING 3 INTERFACES. SEE BELOW WHICH I JUST CUT AND PASTE FROM ONE OFTHE LINK YOUVE GIVEN

interface range gigabitethernet 2/1-3

channel-group 2 mode on

switchport trunk encapsulation dot1q

no shutdown

Hall of Fame Super Blue

Re: 3 interfaces in port channel for inter fwsm HA

Hi

When you deploy inter-chassis FWSM's trunks between the 6500 switches are used for 2 things

1) Failover, to send the state table, keepalives etc. There is no reason why this has to be a separate trunk dedicated to the FWSM although Cisco say if you run it across a L2 trunk that is also used for other traffic QOS should enabled and the failover packets marked with IP Prec 5.

It really depends on how busy the trunk link is with other traffic. If you decide to create a separate trunk for this then you can use whatever number of ports (up to 8) that you want. 2 would give you redundancy and enough bandwidth, provided they were Gbps ports, for the stateful traffic.

2) The actual data traffic between the FWSM. Bear in mind that the L2 trunk between the 6500 chassis may well be needed for FWSM user traffic because the active gateway on the FWSM may be across the trunk link from the sender.

Again it depends on what else the L2 trunk is used for, how busy it is and how much firewall traffic there will be but there is a strong case to create a dedicated trunk for the FWSM user traffic. I would say at a minimum 3 ports at each end but it really does depend on traffic requirements.

Don't get hung up on the number of ports used in the configuration examples as they are generic examples and may not suit your traffic profile.

HTH

Jon

349
Views
0
Helpful
3
Replies