Will FWSM running 3.1(20) run with VS-S720 running native?

ajamua · ‎06-27-2012

I am about to replace the supervisor engine in our pair of distribution switches in our data center. We currently have a FWSM module installed in each of my distribution switches running 3.1(20) code. The old sup720 are running 8.6(4) and the mfsc are running 12.2(17d)SXB11a. I am wondering about the compatibility of running the FWSM with the same code after installing the new VS-S720 modules. I do not plan on configuring virtual switch yet and did plan on upgrading the FWSM to 4 code train but just not immediately. Will I be able to run my FWSM using the current 3.1(20) code after I install my new VS-S720 running in native mode?

If I have to upgrade the FWSM then I need to know if I have to upgrade the module in each distribution switch at the same time? Furthermore I do not believe that the FWSM 4 code is supported in hybrid mode, which means that I will have to convert to native before upgrading to FWSM 4 before I install the VS-S720 in one of my distribution switches. Currently the FWSM modules are in active/standby mode in different chassis.

I had planned to install the VS-S720 module in one of my distribution switch and do the other installation a week later. I would rather not have to convert to native and upgrade the FWSM modules in both distribution switches during the first switch upgrade. Please let me know what my options are for this pending maintenance.

cnDS02> (enable) sh mod     
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    16    1000BaseX Ethernet        WS-X6516A-GBIC      no  ok
2  .... Please refer to Detail Note. cnDS02> (enable) sh mod     
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    16    1000BaseX Ethernet        WS-X6516A-GBIC      no  ok
2   2    16    1000BaseX Ethernet        WS-X6516A-GBIC      no  ok
3   3    8     1000BaseX Ethernet        WS-X6408A-GBIC      no  ok
5   5    2     1000BaseX Supervisor      WS-SUP720-BASE      yes ok
15  5    1     Multilayer Switch Feature WS-SUP720           no  ok
6   6    2     1000BaseX Supervisor      WS-SUP720-BASE      yes standby
16  6    1     Multilayer Switch Feature WS-SUP720           no  standby
7   7    16    1000BaseX Ethernet        WS-X6516A-GBIC      no  ok
8   8    6     Firewall Module           WS-SVC-FWM-1        no  ok
9   9    48    10/100/1000BaseT Ethernet WS-X6148-GE-TX      no  ok

Mod Module-Name          Serial-Num
--- -------------------- -----------
1                        SAL1213KM8N
2                        SAL08207Q16
3                        SAL061116GU
5                        SAD0801031S
15                       SAD075308AL
6                        SAL095184P4
16                       SAD08160971
7                        SAL0749QEU9
8                        SAD09330BM5
9                        SAL1028UHEF

Mod MAC-Address(es)                        Hw     Fw         Sw
--- -------------------------------------- ------ ---------- -----------------
1   00-1f-6c-a1-31-80 to 00-1f-6c-a1-31-8f 4.6    7.2(1)     8.6(4)
2   00-08-7d-cb-92-74 to 00-08-7d-cb-92-83 4.1    7.2(1)     8.6(4)
3   00-08-a4-f4-17-e4 to 00-08-a4-f4-17-eb 2.1    5.4(2)     8.6(4)
5   00-0d-29-10-08-f4 to 00-0d-29-10-08-f7 3.0    7.7(1)     8.6(4)
    b4-14-89-61-f8-40 to b4-14-89-61-f8-7f
15  b4-14-89-61-f8-7c to b4-14-89-61-f8-7d 2.0    12.2(17d)S 12.2(17d)SXB11a
6   00-0e-38-5f-4f-28 to 00-0e-38-5f-4f-2b 3.1    8.1(3)     8.6(4)
16  b4-14-89-61-f8-7c to b4-14-89-61-f8-7d 2.1    12.2(17d)S 12.2(17d)SXB11a
7   00-08-7d-ca-66-90 to 00-08-7d-ca-66-9f 1.0    7.2(1)     8.6(4)
8   00-15-2b-68-d4-00 to 00-15-2b-68-d4-7f 3.1    7.2(1)     3.1(20)
9   00-18-73-21-4d-28 to 00-18-73-21-4d-57 7.0    7.2(1)     8.6(4)

Mod  Sub-Type                Sub-Model           Sub-Serial  Sub-Hw Sub-Sw
---- ----------------------- ------------------- ----------- ------ ------
5    L3 Switching Engine III WS-F6K-PFC3A        SAD075309Y5 2.0    
6    L3 Switching Engine III WS-F6K-PFC3A        SAD0738063Y 1.2

Gautam Bhagwandas · ‎07-01-2012

Dear Ajamua,

a. FWSM 3.1(20) is supported with VS-S720-10G. Kindly note though that CatOS is not supported on VS-S720-10G. Only Native IOS SXH was the first release to be supported on these supervisors. Kindly refer data sheet:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/product_data_sheet0900aecd806ed759_ps708_Products_Data_Sheet.html

Extract from data sheet:

Software Compatibility

• Cisco Catalyst 6500 Series
• Cisco IOS Software Release 12.2(33)SXH and later
• Cisco 7600 Series
• Cisco IOS Software Release 12.2(33)SXH and later

b. FWSM with VSS

Supported from 4.0(4) but requires the VS-S720-10G to run atleast SXI:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html#wp168876

You are right that FWSM 4.0 does not support CatOS at all. It only supports Native IOS.

I am surprised that FWSM works with SXB :). My understanding was that 3.1 requires atleast SXF to be running on the MSFC.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/release/notes/fwsmrn31.html#wp73044

Just on a side note, i see that 6516A card does not support VSS. Same goes true with WS-X6408A-GBIC. Please check the release notes below.

Ref URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/hardware.html#wp4810130

You might want to go over the Software Advisor tool to make sure that you have compatible hw for your proposed sw.