Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
5
Helpful
6
Replies

IOS 12.2.33(SXI) sessioning to service modules (ACE + FWSM)

jpkottusch
Level 1
Level 1

‎03-03-2009 05:07 AM - edited ‎03-06-2019 04:21 AM

We have 2 Catalyst 6509 with IOS 12.2(33)SXI and an ACE + FWSM Module in each chassis.

One chasis is equipet with a SUP VSS720 the other one is equipet with SUP7203B (will be upgraded to SUP VSS720 later).

The ACE Software is A2(1.3) the FWSM Software is 4.04.

There is no ability to get to the console of FWSM or ACE by "session slot 9 processor 0" or "session slot 8 processor 1.

The reason is:

sw0002-bt11#session slot 9 proc 0

The default escape character is Ctrl-^, then x.

You can also type 'exit' at the remote prompt to end the session

Trying 127.0.0.90 ...

% Connection timed out; remote host not responding

with the sho module command every thing seemed to be ok!

We reasambled the modules in a spare chassis with SUP7203B and IOS 12.2(18)SXH. Every thing works fine even the sessioning command works as we think. We can connect to the consoles.

We need the IOS 12.2(33)SXI for virtual switching in later use.

Doe's naybody knows what goes wrong?

Thanks for your answers

Joerg

Labels:
0 Helpful
6 Replies 6

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-03-2009 05:28 AM

Hello Joerg,

what do you see in the output of

sh module

what is the state of the FWSM ACE service modules ?

the firmware image for VSS is 4.0.4 the one you have

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/intro_f.html#wp1069578

I've found this link but it is only descriptive:

http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c72b.shtml

Hope to help

Giuseppe

0 Helpful

jpkottusch
Level 1
Level 1
In response to Giuseppe Larosa

‎03-03-2009 05:34 AM

Hi Guiseppe,

thanks for your answer.

sh module shows:

sw0002-bt11#sh mod

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

1 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL1248BN0T

2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1030W42G

3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL114886J4

4 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAD082404C0

5 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL1015JVSF

8 6 Firewall Module WS-SVC-FWM-1 SAD123802JP

9 1 Application Control Engine Module ACE20-MOD-K9 SAD1233015N

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

1 0023.0455.8c10 to 0023.0455.8c17 1.6 12.2(18r)S1 12.2(33)SXI Ok

2 0018.7354.8690 to 0018.7354.86bf 2.4 12.2(14r)S5 12.2(33)SXI Ok

3 001e.4a9e.fce0 to 001e.4a9e.fd0f 2.6 12.2(14r)S5 12.2(33)SXI Ok

4 000f.f77e.a3ec to 000f.f77e.a41b 2.1 12.2(14r)S5 12.2(33)SXI Ok

5 0016.9df6.7854 to 0016.9df6.7857 5.2 8.4(2) 12.2(33)SXI Ok

8 001f.ca08.d174 to 001f.ca08.d17b 4.3 7.2(1) 4.0(4) Ok

9 001d.70d1.c206 to 001d.70d1.c20d 2.4 8.7(0.22)ACE A2(1.3) Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------

1 Distributed Forwarding Card WS-F6700-DFC3C SAL1248BT0N 1.1 Ok

2 Centralized Forwarding Card WS-F6700-CFC SAL1029VWV0 2.0 Ok

3 Centralized Forwarding Card WS-F6700-CFC SAL11477NAZ 4.0 Ok

4 Centralized Forwarding Card WS-F6700-CFC SAD08220605 2.0 Ok

5 Policy Feature Card 3 WS-F6K-PFC3B SAL1021NY7Q 2.3 Ok

5 MSFC3 Daughterboard WS-SUP720 SAL1020NDQ4 2.5 Ok

I think this output is ok.

Regards, Joerg

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to jpkottusch

‎03-03-2009 08:56 AM

Hello Joerg,

the state of service modules is OK.

given the freshness of the IOS image and of VSS I would open a TAC Service request.

Hope to help

Giuseppe

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎03-15-2009 11:43 PM

Hello Joerg,

I don't know if you have solved.

A collegue has found a more detailed white paper on how to insert FWSM in VSS.

a double command firewall vlan-group one for each member chassis is needed

see

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/white_paper_c11_513360.html

Hope to help

Giuseppe

0 Helpful

jpkottusch
Level 1
Level 1
In response to Giuseppe Larosa

‎03-16-2009 05:33 AM

Hi giuslar,

Yes, we solved the problem!

The two catalyst's were installed in an environment were we do not need ip routing. So we disbaled ip routing.

With routing ip enabled we can do sessioning as well.

A Cisco-TAC professionel in Bruxelles has build up our

cenario. He found the same erros as we did!

This is only with IOS 12.2(33)SXI. You must enable ip routing and every thing works fine. Thanks fore your help.

With regards Jörg

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to jpkottusch

‎03-16-2009 05:47 AM

Hello Jeorg,

probably ip routing is needed to be able to address the module using loopback addresses like 127.0.0.x being two chassis after all and needing to go via the VSL link.

This gives us some insight on VSS implementation.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card