Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2093
Views
0
Helpful
2
Replies

FWSM in VSS

shijomon scaria
Level 1
Level 1

‎12-27-2010 10:37 PM - edited ‎03-11-2019 12:28 PM

Hi All,

Please help me to configure FWSM in my VSS environment. I have two 6509s in my network, VSS is running in between. Each switch contains an FWSM module. I want to configure these modules with failover. What all things i need to consider before configuring these moduels? In which mode i can configure these modules, routed or transperent ? Can i configure active-active failover in these modules ?? Please help.

Thanks in advance.

Rgds,

Shijo.

Labels:
0 Helpful
2 Replies 2

mparthan
Cisco Employee
Cisco Employee

‎12-28-2010 01:47 AM

Hello Shijo,

You can view the link below to configure failover on the two FWSM's. The configuration on the FWSM is independent of whether the switches are configured to operate in VSS mode or not.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fail_f.html

Both inter and intrachassis models of FWSM  failover are supported in VSS mode. The user has to make sure  that all VLANs (including failover/state VLANs) are pushed on both  failover units (regardless of which physical chassis they reside in).  For example, VLAN group N needs to be pushed on switch 1 as well as  switch 2 if VLAN group N contains the necessary VLANs (including  failover and state).

FWSM  failover mode of operations integrates transparently within a VSS  environment. One very important aspect is that for both active/standby  and active/active, the VSL link needs to have enough capacity to  accommodate for "failover" as well as "state" link. It is recommended to  plan around 1.5Gbps per pair of FWSM failover units as part of FWSM  failover: VSL capacity requirements.You can configure your  FWSM's in both active/active or active/standby failover depending on your requirement.

From  a logical point of view it is important to note that the VSS chassis  will behave as a single chassis, and therefore in this model "autostate +  interface monitoring" feature of FWSM will not function even if the two  units are spread across the two physical chassis. Remember that this  behavior is similar to when both FWSM units reside in the same physical  chassis in non-VSS mode (that is, autostate + interface monitoring is  not supported).

Regards,
Malavika
0 Helpful

Eduardo Aliaga
Level 4
Level 4
In response to mparthan

‎01-20-2011 09:58 PM

Hello

You mentioned  you don't use "autostate + interface monitoring" in FWSM within VSS. But in this link http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/vssdc_integrate.html it says :

"The services chassis uplink MEC provides a medium for fate sharing as the state of the integrated services modules depends on the state of the channel through autostate. Network administrators should rely on autostate for service availability and consider removing other forms of service tracking such as heartbeats or query interfaces"

Could you please clarify about using "autostate" or not ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card