Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
614
Views
0
Helpful
3
Replies

2960X Stack and Firewall Standby Issue

Mike Wagner
Level 1
Level 1

‎09-21-2022 07:09 PM

Hi Everyone,

So, I have a pair of Cisco Firepower 4110 firewalls in an HA active/standby configuration, and a pair of edge routers with HSRP.  I needed four 10GB ports to create a L2 domain for all of the devices to be connected together.  So, I stacked a pair of 2960X switches with the latest recommended firmware, and connected a router and firewall into each switch.

After about an hour, the active firewall stops passing traffic.  I spent weeks trying to discover the root cause (thinking it was the Firepower).   I even got Cisco to send me a RMA 4110.  After no luck, I discovered that the standby firewall's virtual MAC address is not showing in the MAC address table.  I can see the MAC of the primary and secondary HSRP routers and the Active Firepower, but nothing on the standby.

Does anyone have any ideas I can try?  When I plug them all in to a 3850 with SFP+ ports, all is well and no missing MACs.  However, I don't have a second 3850 for redundancy.  I'd like to utilize the 2960X switches if possible.

 

Thanks!

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-22-2022 12:08 AM

Can you draw a small diagram of both working and not working?

also, post-show run config of cisco 2960 and version of code running.

what logs you on Cisco 2960 switch?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mike Wagner
Level 1
Level 1
In response to balaji.bandi

‎09-22-2022 06:13 AM

I've attached a really bad diagram    I have a better one in Visio, but it has a bunch of other stuff on it too.

Each device is connected to a TenGigabitEthernet port.  ASR 1 to Ten1/0/1, Firepower 1 to Ten1/0/2, ASR 2 to Ten2/0/1 Firepower 2 to Ten2/0/2

Firepower 2 is the Standby unit whose MAC disappears when all of this goes awry.

The config is very basic.  Nothing except VLAN 103, switchport mode access, spanning-tree portfast on all four tengig ports.

The IOS version is 15.2.7 E6

There was nothing in the logs when this happened.

Preview file
20 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Mike Wagner

‎09-22-2022 07:55 AM

This odd, is the stack in ring ? no stack cable loose ?

i try different version lower and test it.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card