Catalyst 3550 - VLANS - SUBNETS - HSRP

e-estevez
Level 1

Hello,

I have two Catalyst 3550s, with a FEC between the two switches, several VLANs, and several ACLs controlling access between these VLANs. I would like to set up HSRP between the two switches so that if one of them goes offline the other can perform exactly the same function. The problem I have is that when I set up HSRP, an ACL is created, and this ACL prevents DHCP traffic for a specific VLAN from being forwarded.

Does anybody know of a good white paper or have some tips so I can configure this correctly?

Best Regards.

9 Replies

a.awan
Level 4

What do you mean that when you set up HSRP an ACL is created? HSRP does not and should not create any ACL dynamically. Kindly explain the problem in as much detail as possible.

I set up HSRP from the CMI, and when I set up HSRP an ACL is automatically generated. Also, I would like to know whether I need to recreate all the ACLs that I have on the second 3550.

Best Regards.

I think it would be better if you post the configurations of both switches.

I have double-checked the configuration, and the ACL doesn't exist anymore, but I have some questions for you: do I have to copy all the ACLs that I have on the first 3550 to the new one? I have set the VTP mode of the new 3550 to client; if the first 3550 goes down, how does this work?

Best Regards.

Hi,

In the case of HSRP on the 3550, configs don't sync automatically, so you will have to manually copy the ACLs of the 1st switch to the 2nd one for proper functioning, because if the ACTIVE goes down at any point in time, the standby should have the same configs and restrictions for the network.

I fail to understand why you have made the 3550 a client if this is your core switch. You should make both switches (active and standby) VTP servers, because having 2 VTP servers will give you redundancy in the network: if 1 VTP server goes down, the other will keep propagating the advertisements.

Kindly update for further clarification.

Yes, in order to have your security policy remain in effect after an HSRP role change, you have to have the same ACLs applied on the two switches. The VTP mode of client on the other 3550 will continue to work even if the primary 3550 goes down. I personally am not a big fan of VTP, and in your small setup I would recommend setting the VTP mode to transparent; however, this is just my opinion. I believe VTP version 3 will take care of most of the downsides of the existing versions, like accidentally deleting VLANs by introducing a new switch that somehow becomes the master.

Thanks for the reply. The ACLs are not replicated between the switches as I expected; is this normal?

Do you recommend that I make a copy of the running-config of my first 3550 (core) to the new one (taking into account the differences in configuration, of course)?

Best Regards.

Yes, it is very normal that the ACLs do not replicate between the switches; this is not a single switch with two supervisors running in a redundant configuration, where you would expect replication to happen between them.

As far as copying the config to your backup switch is concerned, what I would suggest is to make a copy of it on your desktop or laptop, edit it to include all necessary changes, and then paste it or download it into the backup switch. If you want, you can post both configurations here when you are done for a sanity check.
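Since the ACLs have to be carried over by hand and checked afterwards, here is an added example (not from this thread or from Cisco) of a small script that compares the ACL definitions and the `ip access-group` bindings found in two saved IOS running-configs and lists every mismatch. The two configs below are constructed samples; the standby copy is deliberately incomplete so that the checker has something to report.

```python
import re

# Constructed sample running-configs (not from the thread), cut down to the ACL-relevant lines.
# The standby copy lacks the DHCP permit in VLAN10-IN, has no VLAN20-IN, and applies nothing on Vlan20.
CORE_CFG = """\
ip access-list extended VLAN10-IN
 permit udp any eq bootpc any eq bootps
 permit ip 10.1.10.0 0.0.0.255 any
ip access-list extended VLAN20-IN
 permit ip 10.1.20.0 0.0.0.255 any
interface Vlan10
 ip access-group VLAN10-IN in
interface Vlan20
 ip access-group VLAN20-IN in
"""
STANDBY_CFG = """\
ip access-list extended VLAN10-IN
 permit ip 10.1.10.0 0.0.0.255 any
interface Vlan10
 ip access-group VLAN10-IN in
interface Vlan20
"""

def parse(cfg):
    """Return (acls, bindings): ACL name/number -> ordered entries, (interface, dir) -> applied ACL."""
    acls, bindings, acl, iface = {}, {}, None, None
    for line in cfg.splitlines():
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acl, iface = m.group(1), None
            acls.setdefault(acl, [])
        elif m := re.match(r"access-list (\d+) (.+)", line):     # classic numbered ACL entry
            acl, iface = None, None
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"interface (\S+)", line):
            acl, iface = None, m.group(1)
        elif acl and line.startswith(" "):                        # entry inside a named ACL
            acls[acl].append(line.strip())
        elif iface and (m := re.match(r"\s+ip access-group (\S+) (in|out)", line)):
            bindings[(iface, m.group(2))] = m.group(1)
        elif not line.startswith(" "):                            # any other top-level line
            acl = iface = None
    return acls, bindings

def compare(core_cfg, standby_cfg):
    """Return (kind, key, core_value, standby_value) for every mismatch; [] means they match."""
    (a, ba), (b, bb) = parse(core_cfg), parse(standby_cfg)
    diffs = [("acl", n, a.get(n), b.get(n)) for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)]
    diffs += [("binding", k, ba.get(k), bb.get(k)) for k in sorted(set(ba) | set(bb)) if ba.get(k) != bb.get(k)]
    return diffs
```

Run `compare()` on the two `show running-config` captures after pasting the ACLs into the standby; an empty list means every ACL and every interface binding on the core has an identical counterpart on the standby.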

I will rebuild the configuration of both switches during the weekend; on Monday I will copy the running-configs of the switches, leaving out the ACLs because they are six pages long.

Best regards,
