https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769024#M976137 <HTML><HEAD></HEAD><BODY><P>I believe only hitless upgrade is supported between minor versions but they both needs to running identical software, licenses and same VLAN configurations</P></BODY></HTML> Fri, 27 Jul 2007 19:30:48 GMT varakantam 2007-07-27T19:30:48Z https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769022#M976124 <P>One FWSM failed - H/W fault. A new FWSM was used to replace failed module. Since then we cannot get redundancy to work.</P><P></P><P>Could it be that one FWSM is at version 2.3(3) and the other one is at 2.3(2). But customer said that this difference was there even before and they did not have any problem before the H/W fault.</P><P></P><P></P><P>CFW001(config)# failover</P><P>CFW001(config)#</P><P>CFW001(config)#</P><P>CFW001#</P><P>CFW001#</P><P> Detected an Active mate</P><P></P><P>CFW001#</P><P>CFW001#</P><P> Vlan configuration mismatch</P><P> Failover will be disabled</P><P></P><P>CFW001#</P><P>CFW001#</P><P></P><P></P><P>CFW001# sh vlan</P><P>2-9, 11, 15, 17-29 , 31-33 , 37-40 , 48-50</P><P>CFW001#</P><P>CFW001# sh failover</P><P>Failover Off (pseudo-Standby)</P><P>Failover unit Secondary</P><P>Failover LAN Interface lfover Vlan 49</P><P>Unit Poll frequency 1 seconds, holdtime 15 seconds</P><P>Interface Poll frequency 15 seconds</P><P>Interface Policy 50%</P><P>Monitored Interfaces 0 of 250 maximum</P><P>failover replication http</P><P>CFW001#</P><P></P><P> </P><P></P> Mon, 11 Mar 2019 10:50:29 GMT https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769022#M976124 astanislaus 2019-03-11T10:50:29Z https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769023#M976132 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>The times when i get a vlan configuration mismatch message is when there is a discrepancy between the vlans that have been allocated to the FWSM. </P><P></P><P>Could you confirm whether the "firewall multiple-vlan-interfaces" is present on CSW002 ?. </P><P></P><P>If it isn't and you have 2 or more vlans that have routed interfaces on the CSW002 switch it may well decide to not allocate one of the vlans leading to a vlan mismatch.</P><P></P><P>HTH</P><P></P><P>Jon</P></BODY></HTML> Fri, 27 Jul 2007 14:12:02 GMT https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769023#M976132 Jon Marshall 2007-07-27T14:12:02Z https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769024#M976137 <HTML><HEAD></HEAD><BODY><P>I believe only hitless upgrade is supported between minor versions but they both needs to running identical software, licenses and same VLAN configurations</P></BODY></HTML> Fri, 27 Jul 2007 19:30:48 GMT https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769024#M976137 varakantam 2007-07-27T19:30:48Z https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769025#M976149 <HTML><HEAD></HEAD><BODY><P>Jon,</P><P></P><P>That was my firts reaction when I looked at the two CAT6500 configs and asked customer to have this command</P><P></P><P>firewall multiple-vlan-interfaces</P><P></P><P>in both switches.</P><P></P><P>This morning he did and the result was still the same as before. Problem is still there.</P><P></P><P>Vara,</P><P></P><P>What is hitless upgrade - any pointers / urls explaining this?</P><P></P><P></P></BODY></HTML> Sat, 28 Jul 2007 00:09:26 GMT https://community.cisco.com/t5/network-security/fwsm-failover-problem-getting-vlan-configuration-mismatch/m-p/769025#M976149 astanislaus 2007-07-28T00:09:26Z