Transparent Firewall Requirements - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services
Chapter 15: Using Failover
Understanding Failover

Trunk failure—If the trunk between the switches fails, all communication between the FWSMs terminates, which results in both FWSMs becoming active. Spanning Tree prevents any loops, however, and traffic is handled successfully by one or both FWSMs until you resolve the trunk issue (Figure 15-6).

Figure 15-6 Trunk Failure
[Diagram labels: Active Switch, Active FWSM (shown twice); No Trunk; No Failover Links; Internet VLAN 100; VLAN 200; Inside VLAN 201; Mktg VLAN 202; Eng VLAN 203]

Transparent Firewall Requirements

To avoid loops when you use failover in transparent mode, you must use switch software that supports BPDU forwarding, and you must configure the FWSM to allow BPDUs. See the "Chassis System Requirements" section on page 1-2 for switch software versions that allow BPDUs automatically.

To allow BPDUs through the FWSM, configure an EtherType ACL and apply it to both interfaces according to the "Adding an EtherType Access Control List" section on page 10-16.

Loops can occur if both modules are active at the same time, such as when both modules are discovering each other's presence, or due to a bad failover link as described in the "Basic Failover Questions" section on page 15-25. Because the FWSMs bridge packets between the same two VLANs, loops can occur

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, page 15-9
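The requirement above (an EtherType ACL permitting BPDUs, applied to both interfaces) can be checked against a saved configuration. The script below is an added example, not code from the Cisco guide. The sample configuration is constructed, and the ACL names and the interface names `inside` and `outside` are assumptions. It treats only an explicit `permit bpdu` as sufficient and treats any earlier `deny bpdu` or `deny any` as blocking, which is a conservative assumption.

```python
import re

# Constructed sample config for a transparent-mode context (not from the manual).
SAMPLE_CONFIG = """\
access-list ETHER ethertype permit ipx
access-list ETHER ethertype permit bpdu
access-list BLOCKED ethertype deny bpdu
access-list BLOCKED ethertype permit bpdu
access-group ETHER in interface inside
access-group BLOCKED in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+ethertype\s+(permit|deny)\s+(\S+)", re.I)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)", re.I)


def acl_permits_bpdu(entries):
    """Entries are evaluated in order: an explicit 'permit bpdu' must come
    before any deny that names bpdu or any."""
    for action, ethertype in entries:
        if action == "deny" and ethertype in ("bpdu", "any"):
            return False
        if action == "permit" and ethertype == "bpdu":
            return True
    return False  # 'permit any' is deliberately not counted (conservative assumption)


def interfaces_missing_bpdu(config_text, interfaces):
    """Return the interfaces (sorted) that have no inbound EtherType ACL
    explicitly permitting BPDUs."""
    acls, bound = {}, {}
    for line in config_text.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3).lower()))
            continue
        m = GROUP_RE.match(line)
        if m:
            # An interface may carry more than one inbound ACL (extended and EtherType).
            bound.setdefault(m.group(2), []).append(m.group(1))
    missing = [ifname for ifname in interfaces
               if not any(acl_permits_bpdu(acls.get(name, [])) for name in bound.get(ifname, []))]
    return sorted(missing)


if __name__ == "__main__":
    print(interfaces_missing_bpdu(SAMPLE_CONFIG, ["inside", "outside"]))
```

Run it against the configuration of both failover units; any interface it reports should be reviewed before relying on Spanning Tree to break a loop when both modules are active.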
