Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Firewall Module with Confiugured HSRP switches

Hello ,

We have implemented HSRP configuration between the core switches for 20 VLANs, as the following:

HSRP Configuration for switch 1;

Interface Vlan4

Description “VLAN Description”

Ip address 192.168.8.2 255.255.255.0

Standby 5 ip 192.168.8.1

Standby 5 timer 5 15

Standby 5 preempt

!

HSRP Configuration for switch 2;

Interface Vlan4

Description “VLAN Description”

Ip address 192.168.8.3 255.255.255.0

Standby 5 ip 192.168.8.1

Standby 5 timer 5 15

Standby 5 priority 50

Standby 5 preempt

Now, Only on the active core switch we have inserted a firewall Module to protect VLANs communication to each other while we dont have firewall on the standby switch. Im planning to implement firewall only on one switch if the VLAN fail the traffic will be diverted on the second switch without firewalling.

Would you please assist me on Firewall configuration when i have HSRP running as per my config.

Regards,

1 REPLY
Bronze

Re: Firewall Module with Confiugured HSRP switches

HSRP provides two servicesIP redundancy and a Virtual IP (VIP) address. Each HSRP group may provide either or both of these services. Cisco IOS firewall stateful failover uses the IP redundancy services from only one HSRP standby group. It can use the VIP address from one or more HSRP groups. Use the following task to configure HSRP on the outside and inside interfaces of the router.

http://cisco.com/en/US/products/ps6441/products_feature_guide09186a00806106ea.html#wp1149287

100
Views
0
Helpful
1
Replies