I need a second opinion about FWSM placement in a Cat6509.
2 switches (both Cat6509); the 1st unit serves as the Core Switch (doing routing at L3). This unit is running in hybrid mode (CatOS + MSFC). All VLANs and routing are defined here.
The 2nd unit serves as Distribution with SUP720 but will be running in Layer 2 mode (no routing, SUP720 in passive mode). It will host all critical VLANs such as servers under ServerFarm. It connects to the Core Switch via trunk.
For management purposes, IP is configured. No routing whatsoever.
Can the FWSM sit in the Distribution Switch while the MSFC sits in the Core Switch (separate box) with no routing running between them? The trunk is merely to channel VLANs across.
The main idea is to run the FWSM blade in transparent mode, but the requirement is to have it sit in the Distribution Switch, while the MSFC is in the Core Switch.
I've seen many configuration guides and examples on the Cisco website stating that both MSFC & FWSM should co-exist in the same box, but nothing is mentioned similar to the above scenario.
I think the setup will not work, as the FWSM should sit together with the MSFC in the same switch.
Anyway, like I said, I need a second opinion to make it more clear, as I might be wrong in this.
The connection between the FWSM and the switch is a 6-GB 802.1Q trunking EtherChannel. This EtherChannel is automatically created when you install the FWSM. On the FWSM side, two network processors (NPs) connect to three Gigabit Ethernet interfaces each, and these interfaces comprise the EtherChannel. The switch distributes traffic to the interfaces in the EtherChannel according to a distribution algorithm based on session information; load sharing is not performed on a per-packet basis, but rather on a flow basis.
Thank you for the feedback. In addition, if we have 2 x Cat6500 with FWSM (redundancy), it is recommended to use a 6-GB link between them to match the FWSM 6-GB backplane speed. Using less than 6-GB could be an issue if traffic load is bigger than the available link.
The Core switches (redundant-hsrp) are running in full Layer-3 & perform routing. The Distribution switches are running in Layer 2 mode. The FWSM sits here with Sup720 (passive).
Core to Distribution is connected via trunk.
My issue was on the FWSM placement, which was not in the same chassis where the Core (hybrid: CatOS+MSFC) sits, and the Distribution was in Layer 2 mode.
Will the setup work fine? In this case, which is the best place to put the FWSM - Core or Distribution?
Putting it in Core allows more Distribution switches to be added into the network without getting an extra FWSM. All we need to do is to add VLANs behind it. Failover is not an issue as well.