Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
4
Helpful
6
Replies

fwsm and msfc with glbp

cfajardo1_2
Level 1
Level 1

‎03-15-2008 10:41 PM - edited ‎03-09-2019 08:19 PM

hello,

SCENARIO; (see attached drawing)

-2x6500

-each having FWSM

-GLBP running on the MSFC for redundancy

-FWSM running on active/standby

QUESTIONs;

-could GLBP on msfc and active/standby on FWSMs coexist? if they could, how does msfc2 froward the outound traffic to FWSM1? ( ie. fwsm2 is standby mode).

-Do I need L2 connections between this 2 FWSM Vlans?

-do i need to run GLBP in this case for the MSFC vlan 100? i asked this because the fwsm has to see only single ip to forward traffic back to the rest of the vlans.

-anything missing on my connections (cabling)?

thanks a lot.

Labels:
Preview file
149 KB
0 Helpful
6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

‎03-16-2008 04:57 AM

Hi

There is no reason why the 2 (GLBP + A/S on FWSM) can't co-exist. They are independent of each other.

MSFC would forward traffic over your L2 trunk between your 6500 chassis to the active firewall. Which answers your next question - yes you do need L2 trunk for the FWSM vlans for 2 reasons

1) For forwarding traffic as described above

2) For failover between the FWSM modules.

You could run GLBP on vlan 100 but you wouldn't get any benefit because the source mac-address will always be the active FWSM and this is the only sender on that vlan so there are no other senders to load balance across both MSFCs.

Nothing missing as far as i can see. Design

looks good to me.

HTH

Jon

0 Helpful

cfajardo1_2
Level 1
Level 1
In response to Jon Marshall

‎03-16-2008 10:49 PM

- DO YOU MEAN TRUNKING ON ALL THE USER VLANS? I DONT HAVE ANY L2 TRUNK ON MY DIAGRAM. ARENT WE AVOIDING L2 TRUNKING WHEN USING GLBP.

- ISNT IT FAILOVER WILL BE TAKEN CHARGE BY THE THE FW TRUNKING SHOWN WHICH IS THE FAILOVER VLANS.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to cfajardo1_2

‎03-17-2008 12:22 AM

No you don't have to trunk all the user vlans, apologies if i gave that impression. But you do need to trunk vlan 100 so that if the MSFC that is acting as the default-gateway on the clients is on the other 6500 from the FWSM active gateway it can stil send traffic to the active FWSM.

You do have a L2 trunk on your diagram unless i am misunderstanding - the one for the FWSM vlans ?

Jon

0 Helpful

cfajardo1_2
Level 1
Level 1
In response to Jon Marshall

‎03-17-2008 05:02 AM

the trunk on the fwsm are for the failover..i allocated 3 gigabit interfaces..

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to cfajardo1_2

‎03-17-2008 05:08 AM

You will need to allow vlan 100 otherwise if the active FWSM is on switch 1 but the active MSFC for a client is on switch2 then how will traffic get to the active FWSM ?

cfajardo1_2
Level 1
Level 1
In response to Jon Marshall

‎03-17-2008 05:29 AM

jon i will revise the drawing and later and repost it on another thread..

thanks

0 Helpful
Customers Also Viewed These Support Documents