topic FWSM Failover - packet drops in Network Security https://community.cisco.com/t5/network-security/fwsm-failover-packet-drops/m-p/881186#M957665 <P>I have configured the FWSM for Active Active failover. 2 VLANS (VLAN 7 and VLAN8) have been created for failover and state information to be replicated to other unit.</P><P></P><P>Issue: Replication does not happen. Secondary switch drops VLAN packets (see output below)</P><P></P><P>Primary FWSM</P><P></P><P>FWSM# sh interface vlan 7</P><P>Interface Vlan7 "Failover", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: LAN Failover Interface</P><P> MAC address 001b.53a3.b600, MTU 1500</P><P> IP address 10.0.224.41, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Failover":</P><P> 111 packets input, 76 bytes</P><P> 1222 packets output, 147228 bytes</P><P> 0 packets dropped</P><P></P><P></P><P>FWSM# sh interface vlan 8</P><P>Interface Vlan8 "Stateful", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: STATE Failover Interface</P><P> MAC address 001b.53a3.b600, MTU 1500</P><P> IP address 10.0.224.49, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Stateful":</P><P> 12 packets input, 0 bytes</P><P> 34 packets output, 3340 bytes</P><P> 0 packets dropped</P><P></P><P></P><P></P><P>Secondary FWSM</P><P></P><P>FWSM# sh inter vlan 7</P><P>Interface Vlan7 "Failover", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: LAN Failover Interface</P><P> MAC address 0018.7475.43c0, MTU 1500</P><P> IP address 10.0.224.42, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Failover":</P><P> 997 packets input, 152 bytes</P><P> 1400 packets output, 150888 bytes</P><P> 1410 packets dropped</P><P></P><P>FWSM# sh inter vlan 8</P><P>Interface Vlan8 "Stateful", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: STATE Failover Interface</P><P> MAC address 0018.7475.43c0, MTU 1500</P><P> IP address 10.0.224.50, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Stateful":</P><P> 32 packets input, 136 bytes</P><P> 50 packets output, 5034 bytes</P><P> 1182 packets dropped</P><P></P><P></P><P>All in all - There is no communication between the VLANs on both unit.Not sure what the issue is?</P><P></P><P>Regards</P><P>Vinod</P><P></P> Mon, 11 Mar 2019 11:43:31 GMT vinod.rathi 2019-03-11T11:43:31Z FWSM Failover - packet drops https://community.cisco.com/t5/network-security/fwsm-failover-packet-drops/m-p/881186#M957665 <P>I have configured the FWSM for Active Active failover. 2 VLANS (VLAN 7 and VLAN8) have been created for failover and state information to be replicated to other unit.</P><P></P><P>Issue: Replication does not happen. Secondary switch drops VLAN packets (see output below)</P><P></P><P>Primary FWSM</P><P></P><P>FWSM# sh interface vlan 7</P><P>Interface Vlan7 "Failover", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: LAN Failover Interface</P><P> MAC address 001b.53a3.b600, MTU 1500</P><P> IP address 10.0.224.41, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Failover":</P><P> 111 packets input, 76 bytes</P><P> 1222 packets output, 147228 bytes</P><P> 0 packets dropped</P><P></P><P></P><P>FWSM# sh interface vlan 8</P><P>Interface Vlan8 "Stateful", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: STATE Failover Interface</P><P> MAC address 001b.53a3.b600, MTU 1500</P><P> IP address 10.0.224.49, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Stateful":</P><P> 12 packets input, 0 bytes</P><P> 34 packets output, 3340 bytes</P><P> 0 packets dropped</P><P></P><P></P><P></P><P>Secondary FWSM</P><P></P><P>FWSM# sh inter vlan 7</P><P>Interface Vlan7 "Failover", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: LAN Failover Interface</P><P> MAC address 0018.7475.43c0, MTU 1500</P><P> IP address 10.0.224.42, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Failover":</P><P> 997 packets input, 152 bytes</P><P> 1400 packets output, 150888 bytes</P><P> 1410 packets dropped</P><P></P><P>FWSM# sh inter vlan 8</P><P>Interface Vlan8 "Stateful", is up, line protocol is up</P><P> Hardware is EtherSVI</P><P> Description: STATE Failover Interface</P><P> MAC address 0018.7475.43c0, MTU 1500</P><P> IP address 10.0.224.50, subnet mask 255.255.255.248</P><P> Traffic Statistics for "Stateful":</P><P> 32 packets input, 136 bytes</P><P> 50 packets output, 5034 bytes</P><P> 1182 packets dropped</P><P></P><P></P><P>All in all - There is no communication between the VLANs on both unit.Not sure what the issue is?</P><P></P><P>Regards</P><P>Vinod</P><P></P> Mon, 11 Mar 2019 11:43:31 GMT https://community.cisco.com/t5/network-security/fwsm-failover-packet-drops/m-p/881186#M957665 vinod.rathi 2019-03-11T11:43:31Z Re: FWSM Failover - packet drops https://community.cisco.com/t5/network-security/fwsm-failover-packet-drops/m-p/881187#M957667 <HTML><HEAD></HEAD><BODY><P>Failover (and that includes Stateful failover) is only supported on devices running the same exact version. A mechanism exists in failover to verify the peer's version, and if it differs from the current version, then failover is dis-allowed.</P><P> <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml</A></P><P></P></BODY></HTML> Thu, 10 Jan 2008 18:01:31 GMT https://community.cisco.com/t5/network-security/fwsm-failover-packet-drops/m-p/881187#M957667 ebreniz 2008-01-10T18:01:31Z