03-16-2005 05:49 AM
I am attempting to get my two CSMs in a redundant/failover config. I have two 6509s with SUP720s in them, each with a CSM blade. Currently only one CSM is being used. I haven't implemented any of the below config yet, (since this will be an overnight exercise) I'm just hoping someone could look this over and let me know if this looks correct, or give me any advice as to what I am doing wrong.
The two 6509s are connected together via a 4G etherchannel connection, the connection is trunked via DOT1Q. Attached is a Visio 2002 formatted drawing (hoping you all have Visio) showing my config. I am load balancing in both bridged mode and routed mode (will be shortly anyway). In the drawing, my current config is in blue, and my planned/future config to achieve redundancy is in green.
One of the items in the config example on Cisco's site mentions removing the server and fault-tolerant VLANs from being trunked to prevent problems.....not quite sure why that is and if I remove the fault-tolerant VLAN from the trunk, how will the two CSMs communicate??
Thanks....Jeff
03-16-2005 03:15 PM
If I understand your drawing correctly, you have a few things that ought to be changed:
(this is not all inclusive)
1. The CSM client and server vlans need unique addresses.
2. Don't configure MSFC interfaces for your server vlans. You want the CSM to be the only way in and out for a server.
3. Create a separate etherchannel for the FT that is not set up as a trunk.
4. Not sure why the client and server vlans are on the same vlan. Generally, they are different.
03-17-2005 10:29 PM
Hi Jeff,
some comments from my side.
1) You are using bridged mode for vlan601/602. This is fine but not as secure as routed mode, though it makes it easier to access servers directly. Furthermore, no change in the server settings is needed.
2) I personally wouldn't configure VLAN 603 on the MSFC as this would require either
- a gateway change on the servers towards the CSM,
- src-nat or
- using direct server return.
None of the above 3 things are that nice, except if direct server return is needed due to capacity issues.
Some general errors are present in the config of 6509B:
You cannot use the same IP in the CSM vlan601,602,603 on the active and the passive module. They have to be different on both chassis. Please use an alias for having a redundant IP which could be used as the gateway.
Find below an example of how this could look for vlan601:
6509A:
vlan 601 client
 ip address 10.63.140.5 255.255.255.0
 alias 10.63.140.4 255.255.255.0
 gateway 10.63.140.1
6509B:
vlan 601 client
 ip address 10.63.140.6 255.255.255.0
 alias 10.63.140.4 255.255.255.0
 gateway 10.63.140.1
For sure this change has to be applied to the other CSM-vlans too.
This means that you do not need to change the routing on the MSFC/server, as the gateway remains the same. Pls remember my comment on the MSFC VLAN603 and consider if you really need to access vlan603 directly from the MSFC or if it is enough if it is accessible via the CSM.
Kind Regards,
Joerg
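The addressing rules from the reply above (a different `ip address` per chassis, the same `alias` and `gateway` on both) can be checked against the two planned configs before the change window. This is an added example, not part of the original thread; `parse` and `check_pair` are hypothetical helper names, and the vlan 603 stanzas with their 10.63.150.x addresses are constructed to show the failure case.

```python
import ipaddress

# vlan 601 stanzas are the ones quoted in the post above; the vlan 603 stanzas
# and their 10.63.150.x addresses are constructed to show the failure case.
CSM_A = """
vlan 601 client
 ip address 10.63.140.5 255.255.255.0
 alias 10.63.140.4 255.255.255.0
 gateway 10.63.140.1
vlan 603 server
 ip address 10.63.150.2 255.255.255.0
 alias 10.63.150.1 255.255.255.0
"""
CSM_B = """
vlan 601 client
 ip address 10.63.140.6 255.255.255.0
 alias 10.63.140.4 255.255.255.0
 gateway 10.63.140.1
vlan 603 server
 ip address 10.63.150.2 255.255.255.0
"""

def parse(cfg):
    """Return {vlan_id: {"ip": iface, "alias": iface, "gateway": addr}}."""
    vlans, cur = {}, {}  # lines before the first vlan stanza land in a throwaway dict
    for words in (line.split() for line in cfg.splitlines()):
        if words[:1] == ["vlan"] and len(words) >= 2:
            cur = vlans.setdefault(words[1], {})
        elif words[:2] == ["ip", "address"] and len(words) == 4:
            cur["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:1] == ["alias"] and len(words) == 3:
            cur["alias"] = ipaddress.ip_interface(f"{words[1]}/{words[2]}")
        elif words[:1] == ["gateway"] and len(words) == 2:
            cur["gateway"] = ipaddress.ip_address(words[1])
    return vlans

def check_pair(cfg_a, cfg_b):
    """List violations of the per-VLAN addressing rules for a redundant pair."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    for vid in sorted(set(a) | set(b)):
        va, vb = a.get(vid), b.get(vid)
        if va is None or vb is None:
            problems.append(f"vlan {vid}: defined on only one CSM")
            continue
        if "ip" not in va or "ip" not in vb or va["ip"] == vb["ip"]:
            problems.append(f"vlan {vid}: ip address missing or identical on both CSMs")
        if va.get("alias") is None or va.get("alias") != vb.get("alias"):
            problems.append(f"vlan {vid}: alias missing or not the same on both CSMs")
        if va.get("gateway") != vb.get("gateway"):
            problems.append(f"vlan {vid}: gateway differs between CSMs")
    return problems
```

Calling `check_pair(CSM_A, CSM_B)` passes vlan 601 and reports the two problems on the constructed vlan 603.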
03-18-2005 04:48 AM
Thanks guys for your help. I've been out of the office and just catching up. The current config I inherited so I am in the process of cleaning it up and also implementing this redundancy.
I know ideally I would like to have a dedicated connection between the two 6509s for the FT VLAN, but is it absolutely necessary?? Ports are at a premium in these boxes right now, if so I may need to steal one of the gig ports out of the 4G trunk on each to create this link. Also, the "no ip igmp snooping", can I turn this off for just my FT VLAN?? or do I need to enter this globally (we have a number of multicast apps and I was trying to simplify my change as it affects them as much as possible).
Thanks again...Jeff
03-19-2005 08:09 AM
Hi Jeff,
I never had an issue with igmp snooping as I always used a separate VLAN for FT where NO client/server was plugged in. Just the two CSMs were members of this VLAN.
So no need to have a layer3 VLAN on the MSFC for this. Only layer2 definition and that's it. In regards to the trunk: how many connections do you think you have at once and what are you planning to replicate? What's the traffic on the trunk today?
Kind Regards,
Joerg