Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Urgent!! interswitch FWSM failover fail

Hi,

We have do some redundant & failover test ( please reference attachment ) :

1. shutdown Catalyst 6513-A FWSM, the failover test is ok

2. bring up Catalyst 6513-A FWSM, then use "failover active" command to switchover, the failover test is ok

3. use "show redundant" IOS command to verify Catalyst 6513-A SUP720 redundant status is ok, use "show failover" FWSM command to verify both FWSM failover status is ok, then we remove Catalyst 6513-A active SUP720, it switchover to another SUP720, and Catalyst 6513-A & Catalyst 6513-B L2 connection is ok, access to Catalyst 6513-C & Catalyst 6513-D and clients below them are ok, but access through FWSM fail, ping to FWSM interface fail ( wait more than 5 mins after remove SUP720 ). the FWSM failover command when network connection fail :

Failover On

Failover unit Primary

Failover LAN Interface faillink Vlan 252

Unit Poll frequency 5 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

failover replication http

Config sync: active

Last Failover at: 16:38:31 Nov 19 2005

This host: Primary - Active

Active time: 995 (sec)

Interface pacs (10.100.254.1): Normal (Waiting)

Interface his (10.100.250.1): Normal (Waiting)

Interface dj (10.100.253.1): Normal (Waiting)

Other host: Secondary - Failed

Active time: 1205955 (sec)

Interface pacs (10.100.254.2): Normal

Interface his (10.100.250.2): Normal

Interface dj (10.100.253.2): Normal

Stateful Failover Logical Update Statistics

Link : statelink Vlan 251

Stateful Obj xmit xerr rcv rerr

General 160623 0 162151 0

sys cmd 160617 0 160614 0

up time 0 0 0 0

RPC services 0 0 0 0

xlate 0 0 0 0

TCP conn 11 0 8231 0

UDP conn 0 0 0 0

ARP tbl 6 0 1537 0

RIP Tbl 0 0 0 0

L2BRIDGE Tbl 0 0 0 0

Xlate_Timeout 0 0 0 0

TCP NPs 1910 0 1950167 19594

UDP NPs 199 0 52853 19594

Logical Update Queue Information

Cur Max Total

Recv Q: 0 3 162151

Xmit Q: 0 2 160623

Attachment are show tech ( during normal state ) & network diagram. Can you advise me to resolve this problem?

Best Regards,

12 REPLIES
Silver

Re: Urgent!! interswitch FWSM failover fail

hi,

when you failover to secondary SUP, do you have communication between the SUP and FWSM IPs? have you tried to clear arp? what does show arp says on both?

New Member

Re: Urgent!! interswitch FWSM failover fail

Hi,

No, I can not ping FWSM IPs from SUP720 when failover to secondary SUP720. I have not try to clear arp and show arp to identify the arp table.

I have try to ping througth FWSM, not always timeout, but very few packet pass. Is it possible both FWSM in active state after SUP720 failover? Does the Cat6513 & FWSM configuration and network diagram correct?

Best Regards,

Silver

Re: Urgent!! interswitch FWSM failover fail

Hi,

We dont know which one of the FWSM was active? It is possible that both FWSM goes in active state, but if FWSM communicates through a vlan that is not broken, it shouldnt happen.

thanks

Nadeem

Re: Urgent!! interswitch FWSM failover fail

When the second SUP720 become active, can you check whether the local FWSM is active?

Try bring down the FWSM on the switch with newly elected/active SUP720 and check (ping) whether clients connected to vlan his (vlan 255) & vlan dj (vlan253) can still ping the vlans interface IPs? Successful ping may indicates the FWSM on the Cat with inactive SUP720 is active.

Maybe you need to configure hsrp (with priority) on vlan254 on the both SUP720s and configure interface pacs on FWSM with ospf as well so that if vlan254 on 1st SUP720 is detected as down or SUP720 being pulled out, the second SUP720 will take over together with hsrp and ospf update on both FWSMs.

Rgds,

AK

Re: Urgent!! interswitch FWSM failover fail

FYI, i have almost similar setup with yours.

- 2 x Cat6513 with SUP2 and FWSM (v2.2(1))

- hsrp

- ospf

The HSRP and FWSM failover between Cat6513 works fine

New Member

Re: Urgent!! interswitch FWSM failover fail

Hi,

After second SUP720 become active, the local FWSM is active, but failover status is not ok

Failover On

Failover unit Primary

Failover LAN Interface faillink Vlan 252

Unit Poll frequency 5 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

failover replication http

Config sync: active

Last Failover at: 16:38:31 Nov 19 2005

This host: Primary - Active

Active time: 995 (sec)

Interface pacs (10.100.254.1): Normal (Waiting)

Interface his (10.100.250.1): Normal (Waiting)

Interface dj (10.100.253.1): Normal (Waiting)

Other host: Secondary - Failed

Active time: 1205955 (sec)

Interface pacs (10.100.254.2): Normal

Interface his (10.100.250.2): Normal

Interface dj (10.100.253.2): Normal

Stateful Failover Logical Update Statistics

Link : statelink Vlan 251

Stateful Obj xmit xerr rcv rerr

General 160623 0 162151 0

sys cmd 160617 0 160614 0

up time 0 0 0 0

RPC services 0 0 0 0

xlate 0 0 0 0

TCP conn 11 0 8231 0

UDP conn 0 0 0 0

ARP tbl 6 0 1537 0

RIP Tbl 0 0 0 0

L2BRIDGE Tbl 0 0 0 0

Xlate_Timeout 0 0 0 0

TCP NPs 1910 0 1950167 19594

UDP NPs 199 0 52853 19594

Logical Update Queue Information

Cur Max Total

Recv Q: 0 3 162151

Xmit Q: 0 2 160623

After we bring down the FWSM on the switch with newly elected/active SUP720 to switch active state to FWSM in another Catalyst 6509, the network connection, so I think this is not ospf problem, maybe the problem is after SUP720 switchover, both FWSM in active state. ( But the L2 connection between 2 Catalyst 6509 is ok??? )

Best Regards,

Re: Urgent!! interswitch FWSM failover fail

Can you post config for standby FWSM? I have seen this problem before when I first deploy my FWSM. Both of the blades are in active-active mode.

Rgds,

AK

New Member

Re: Urgent!! interswitch FWSM failover fail

Hi,

FYI. But before SUP720 switchover, the FWSM failover status is ok, and simple FWSM failover test ( shutdown Active FWSM ) is ok.

Best Regards,

Re: Urgent!! interswitch FWSM failover fail

Can you give me your email address? Maybe I can send you my full config.

Rgds,

AK

New Member

Re: Urgent!! interswitch FWSM failover fail

Hi,

My email address : jackson_ku@mikotek.com.tw

Is there any different with your configuration?

Best Regards,

Jackson Ku

New Member

Re: Urgent!! interswitch FWSM failover fail

Hi,

After second SUP720 become active, the local FWSM is active, but failover status is not ok

Failover On

Failover unit Primary

Failover LAN Interface faillink Vlan 252

Unit Poll frequency 5 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

failover replication http

Config sync: active

Last Failover at: 16:38:31 Nov 19 2005

This host: Primary - Active

Active time: 995 (sec)

Interface pacs (10.100.254.1): Normal (Waiting)

Interface his (10.100.250.1): Normal (Waiting)

Interface dj (10.100.253.1): Normal (Waiting)

Other host: Secondary - Failed

Active time: 1205955 (sec)

Interface pacs (10.100.254.2): Normal

Interface his (10.100.250.2): Normal

Interface dj (10.100.253.2): Normal

Stateful Failover Logical Update Statistics

Link : statelink Vlan 251

Stateful Obj xmit xerr rcv rerr

General 160623 0 162151 0

sys cmd 160617 0 160614 0

up time 0 0 0 0

RPC services 0 0 0 0

xlate 0 0 0 0

TCP conn 11 0 8231 0

UDP conn 0 0 0 0

ARP tbl 6 0 1537 0

RIP Tbl 0 0 0 0

L2BRIDGE Tbl 0 0 0 0

Xlate_Timeout 0 0 0 0

TCP NPs 1910 0 1950167 19594

UDP NPs 199 0 52853 19594

Logical Update Queue Information

Cur Max Total

Recv Q: 0 3 162151

Xmit Q: 0 2 160623

After we bring down the FWSM on the switch with newly elected/active SUP720 to switch active state to FWSM in another Catalyst 6509, the network connection is ok, so I think this is not ospf problem, maybe the problem is after SUP720 switchover, both FWSM in active state. ( But the L2 connection between 2 Catalyst 6509 is ok??? )

Best Regards,

Re: Urgent!! interswitch FWSM failover fail

This is the partial config of my active FWSM. But as you said, it could be due to SUP as well. Will post it later.

796
Views
0
Helpful
12
Replies
CreatePlease to create content