Cisco Switching/Routing :: 6509 - VSS Active Chassis Both FWSM And VSS Failover
Sep 25, 2012
Any have experience on triggered failover on VSS deployment with 1 VS-720-10G-3C in each chassis? I tried using "redundancy force-switchover" but after that the 20G VSL is flapping up & down and cannot be up normally, we got 1 FWSM in each chassis, any configuration need to fit in this kind deployment? BTW, if I shutdown the power source of VSS active chassis, both FWSM & VSS can failover normally.
View 3 Replies
ADVERTISEMENT
Feb 7, 2012
The 6509 Series Switches support the scenario VSS Active-Active Chassis, I would like to setup both switch's as one virtual switch but working at the same time, not with Active - Stand By Chassis.
My plans it to create PortChannel accross both Switches 6509 in order to have 2 links one connected to one slot/switch and the other connected to slot/switch in the second 6509 for servers redundancy.
View 1 Replies
View Related
Sep 30, 2012
I have 2 6509 chasis with one SUP720-3B in each and current IOS is s72033-ipservicesk9_wan-mz.122-18.SXF4 and 2 FWSM with version is 3.3.1 I need to upgrade FWSM system software to 4.1, after checking FWSM 4.1 release notes, I thought of upgrading IOS to latest version to 12.2(33)SXJ.I got new 2 CF of 512MB and downloaded the new IOS on them and need to upgrade 6509 IOS first to meet the requirement for FWSM upgrade.
View 1 Replies
View Related
Oct 27, 2011
Currently we have two inter-chassis FWSM redundancy. I would like to configure them for intra-chassis.
Both FWSM's are in slot 7 of 6509 switches and i want to take secondary out from one of the 6509 switch and insert in the slot 3 of primary switch.
I addedd the following commands in my primary switch.
There were commands already present for FWSM in primary switch
firewall multiple-vlan-interfaces
firewall module 7 vlan-group 1
firewall vlan-group 1 2,3,777
to create intra-chassis redundancy i addedd the following command also there.
firewall module 3 vlan-group 1
after adding that, my firewalls worked fine but there was a issue with site loading. People from outside were able to access inside but from inside, we were not able to go outside.
do we need to clear arp from both FWSM's ? is there any other precautionary step, which we need to follow while working on it.
View 1 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Dec 19, 2012
Currently have a pair of 6509 chassis setup with VSS. Only have the Sup and two line cards in each chassis. Would like to replace with a new pair of 6504E chassis. Is it possible to fail one chassis at a time and migrate to the new 6504E?
View 3 Replies
View Related
Mar 25, 2013
I have cisco 4510R L3 switch with installed 2 Sup on slot 5 and 6. the current active Sup is in Slot5 i want to make active Sup6 in slot 6 which is currently standby sup in chassis. Is there any way to make standby Sup to ACTIVE without reloading any of the Supervisor. however there is two way as per my understanding -
1. we can reload the active Sup so that standby Sup will take charge. - (redundancy reload shelf)
2. we can focefully switchover the state of Sup's by (redundancy forcefully swithover) but in above both cases reload will be performed by one of the supervisor. which i don't want.
View 2 Replies
View Related
Mar 9, 2013
We have a backup sup 720 which has a 2 gigabit ethernet though port channel, to another chassis. Suddenly UDLD detected an error and got into err disable, then this err disable didn't let the interface set to DOWN, and created a switch loop, then our Supervisor reloaded. I'd like to know what could have caused this reload. In my opinion could have a been the switch loop, but also I've been checking from the output interpreter the show tech and might have been a bug, the only one that could match in IOS version 12.2(33)SXH, is this one: url...
We're going to disable err-disable next time I guess and recover the link manually, apart from that what could have made the sup for crash and reload?
View 4 Replies
View Related
Jan 28, 2012
swapping out a failed supervisor card on a 6509 chassis?
View 6 Replies
View Related
May 1, 2013
we have some pairs of 6509-VSS, which partially have old (no more officially supported) 6509-Chassis.All linecards in the VSS are the same (Sup 720-10GE-3C, 67XX).
We now bought some new 6509-E-Chassis and want to change the old chassis by the new ones in a ISSU manner, that means:
1. putting the partner, which chassis changes, in redundancy mode, switch it off, exchange chassis (old "Catalyst 6509", new "Catalyst 6509-E")
2. inserting the line-cards exactly in the same slots and connecting all cables
3. switch on the new chassis, witing to come up in VSS
I'm not sure of having to set the switch number for VSS (is that in the Sup?; configuration? or part of the chassis-memory?)
I've looked up cisco for some hints, but don't found anything.
View 5 Replies
View Related
Jan 19, 2011
I had a problem with a FWSM of 6500 because the FWSM primary change to standby and after back to active.
View 1 Replies
View Related
Oct 18, 2012
Are there any physical characteristic differences between the 6509 and 6509-E chassis?
View 4 Replies
View Related
Dec 9, 2012
I have multiple 6509 vss switch. and i notice when the standby chassis reboot I didn't get any snmp trap, but I got when the active one reboot. my question is is there any mib out there for detecting and got a trap when standby reboot?
View 2 Replies
View Related
Nov 29, 2010
I have a heck of a time finding this kind of information on the cisco site...Is the WS-SUP720-BASE line card a fully supported module in the 6509-E chassis?
View 4 Replies
View Related
May 15, 2013
setting up VRF-lite on redundant 6509-E chassis to account for chassis failure? Let's say I have 2x 6509-Es configured with HSRP for 2 vlans, ServerA and ServerB. So
6509-A#
!
interface Vlan10
description ServerA VLAN
ip address 10.10.10.2 255.255.255.0
ip flow ingress
standby 1 ip 10.10.10.1
standby 1 priority 105
[code].....
I now need to create an environment where the Server VLANs can be provided for two customers and they need to be wholly separate. On 6509-A, I make VRF CustomerA and VRF CustomerB and I assign Vlan10 to VRF CustomerA and Vlan20 to CustomerB. Do I create the SAME VRFs on 6509-B with the same logic?
View 1 Replies
View Related
Nov 17, 2012
I have a vlan defined in FWSM for server farm there is a one server with two IP addresses and teaming has done on it how ever from FWSM i am able to ping both IP addresses but from core 6509 switch i am only able to ping one ip address. from FWSM show ARP command displays the same virtual mac addresses against both IPS of the same server.
View 2 Replies
View Related
Oct 8, 2012
We are planning to upgrade the IOS on our two 6509E supervisors in the next few weeks. We currently run IOS 12.2(33) SXI1 and are upgrading to 12.2(33) SXJ3. At the moment the two supervisors are in SSO mode and after reading many articles it says that when the images are different on the two supervisors they are in RPR mode. When you then reload the active supervisor it will reboot all the line cards.
1. Is above correct? Will my line card reload?
2. We also have a FWSM installed, When/If the line cards are rebooted does the FWSM also reboot?
View 1 Replies
View Related
Feb 7, 2012
Configuring FWSM in a 6509. When I set "firewall vlan-group 40 40-42,251", it results in: "No more than one svi is allowed. Command rejected.".
I had "firewall multiple-vlan-interfaces" set for a previous use of this module, but took that off with the "no" command. Suspect that is the issue, but do not see how to resolve. Seems similar to bug CSCsr48563, but I am at the fixed code for that bug.
View 1 Replies
View Related
Mar 20, 2012
I am looking at deploying a pair of 5585X's in an active/active multiple context state. I am creating Mulitple contexts that need to be able to route to each other. I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts, i beleive this will work as basically i am just cascadng the contexts and sharing interfaces.
The main problem i have come across, is that if i deploy active/active across two appliances using 2 failover groups i can not see a way to route between them, for example.
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not beleive that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances i am not sure if this is possible.
View 9 Replies
View Related
May 15, 2012
we need to install a line cards (WS-X4548-GB-RJ45, chassis WS-C4510R-E), on a chassis Ws-6504-E.where I can find information about compatibility?
View 2 Replies
View Related
Oct 15, 2012
I have the Cisco VSS consisting two chassis 6509.I have the system Active-Dual detection via Enhanced PAgP with one neighbor - standalone cisco 3750. All works good.I want to add one more neighbor - cisco stack 3750x with 3 members. Will this scheme work? And what is in danger, if the stack is split into two parts?
View 2 Replies
View Related
Feb 24, 2013
I have a two fiber connection from our Central Office(6513) to Remote office (6509). I have a requirement that on the remote office if one of the fiber goes down, the second fiber should work as a failover. I am planning to use SUP720-3B SFP to connect to the CO.
Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G5/2? or Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G6/2? I am running EIGRP between sites. Any sample config.
sup-bootflash:s72033-pk9sv-mz.122-18.SXD7b.bin"
View 4 Replies
View Related
Jul 9, 2012
Can I upgrade FWSM 4.0.3 to 4.0.17 with Chassis IOS s72033-adventerprisek9_wan-mz.122-33.SXH4.bin ?
In chassis's slot we have ACE and FWSM slot also. if I will upgrade chassis it will reboot ACE too.I do not want to reload Chassis.
View 2 Replies
View Related
Jun 1, 2011
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies
View Related
Mar 30, 2011
I have 2 asa 5520 firewalls including and 1 AIP-SSM-10 module in each of them. the configuration is set using active/active failover and context mode.
Both of them run individualy the IPS module. The IPS is configured using inline mode and fail-open option. However when one of the module fails and the state is changing from up to init or anything else making the IPS to fail then failover is detected and ASA consider it as failover and bounce context to the other unit.
IPS soft is 6.0(4) and ASA soft is 8.0(3)
I have checked cisco doc and it is confusing to me. it says: "The AIP-SSM does not participate in stateful failover if stateful failover is configured on the ASA failover pair." but it really does participate. Running is not really an option because of production network impact matter..
View 2 Replies
View Related
Dec 27, 2011
its possible to set up active/active failover using etherchannel on 5585s?
View 1 Replies
View Related
Jun 10, 2012
I am working on a network which has two ISP connections (Active/Active) terminating on router (ASR1000). From the LAN side (6500 switch) all the traffic need to be route on ISP1 but some of the specific subnets like 10.250.0.0/16 need to be route on ISP2 connection.
I am planning to use PBR and NAT with route maps. any documents or refrences are provided.
(access switches)---------(core switch)----------(routers)----------------(ISP1)
----------------------(ISP2)
View 1 Replies
View Related
Feb 29, 2012
Need to remove the IPSec VPN SPA module from the 6509 chassis. Does the module is hot swappable or does the 6509 need to be turned off prior to removal.
View 2 Replies
View Related
Mar 28, 2012
I have inherited a 6509 VSS switch system as the network core and have the task of ensuring proper redundancy and redesign of the directly connected data center devices. One of the connected devices (WLC 4402) physically appears to be connected to both switches - the WLC is in the same rack as VSS-Chassis1 so I can trace the fiber from WLC port 1 to gi1/1/22, the other fiber from the WLC port 2 goes into the floor and presumably over to VSS-Chassis2 gi2/1/22 (there is fiber connected there, I have link lights on both sides, and the port channel, Po200, on the VSS switch which is configured on gi1/1/22 is also configured on gi2/1/22). My question pertains to the CDP neighbor output I get on the VSS switch: (truncated to include just the WLC) [code]
So my question, arising at least partly from the apparently misleading CDP information, is this: How can I confirm that the WLC is correctly dual homed to both core switches? (short of tracing the cable) I ask because there are several other devices (not WLCs) that need to have the dual homed connections confirmed.I tried a layer 2 trace route but for all macs associated with the WLC, the trace abborts with the error "Device has Multiple CDP neighbours on destination port."
View 2 Replies
View Related
Jul 24, 2011
I have 2 FWSM running on 2 Cat6500 chassis, they work as a Active/Stanby group. Firewall mode is transparent. [code] HA is running well, but I can not ping the standby IP (10.98.1.248). So what could be the problem?
View 3 Replies
View Related
May 10, 2012
i do have two 6500 in VSS mode , and one FWSM module on each 6500, i want to configure these modules as Active/Standby, how do i start , should i follow this (not in VSS mode): url..
View 1 Replies
View Related
Jul 1, 2012
We've just invested in a pair of Sup2Ts to upgrade a Sup720 6509 chassis but I'm unsure exactly how the management port(s), aka the Connectivity Management Processor (CMP), should be configured (and patched) in a dual supervisor system?Is each CMP an independent entity or is the management interface configuration (IP address, gateway, etc) replicated between supervisors?If it's the latter then do both management ports need to be physically connected at the same time?
View 1 Replies
View Related
