Transparent Firewall Requirements - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 14
Configuring Failover
Understanding Failover

If the entire switch fails, as well as the FWSM (such as in a power failure), then both the switch and the
FWSM fail over to their secondary units (Figure 14-4).

Figure 14-4 Switch Failure
[Figure labels: Internet, VLAN 100, Failed FWSM, Active FWSM, Trunk, VLAN 200, VLAN 201, VLAN 202, VLAN 203, Eng, Mktg, Inside]

Transparent Firewall Requirements

To avoid loops when you use failover in transparent mode, you must use switch software that supports
BPDU forwarding, and you must configure the FWSM to allow BPDUs. See the "Switch Hardware and
Software Compatibility" section on page A-1 for switch software versions that allow BPDUs
automatically.

To allow BPDUs through the FWSM, configure an EtherType ACL and apply it to both interfaces
according to the "Adding an EtherType Access List" section on page 13-9.

Loops can occur if both modules are active at the same time, such as when both modules are discovering
the presence of the other module, or due to a bad failover link. Because the FWSMs bridge packets
between the same two VLANs, loops can occur when inside packets destined for the outside get

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
14-7
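
One way to check a saved configuration against the requirement above that an EtherType ACL permitting BPDUs is applied to both interfaces (added example, not from the Cisco manual). The sample configuration is constructed, the function names are hypothetical, and the check assumes the ACL is applied in the inbound direction and counts only an explicit bpdu entry.

```python
import re

# Constructed sample config (not from the manual): BPDUs are permitted on
# "inside" only, so the requirement "both interfaces" is not met.
SAMPLE_CONFIG = """\
firewall transparent
interface vlan 200
 nameif outside
interface vlan 201
 nameif inside
access-list BPDU ethertype permit bpdu
access-list ETHER ethertype permit ipx
access-list OUT extended permit ip any any
access-group BPDU in interface inside
access-group ETHER in interface outside
access-group OUT in interface outside
"""

def permits_bpdu(entries):
    """First entry naming bpdu decides; no such entry means not confirmed."""
    for action, ethertype in entries:
        if ethertype == "bpdu":
            return action == "permit"
    return False

def audit_bpdu(config):
    """Map each named interface to True if an inbound EtherType ACL permits BPDUs."""
    acls, applied, names = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"nameif (\S+)", line):
            names.append(m[1])
        elif m := re.fullmatch(r"access-list (\S+) ethertype (permit|deny) (\S+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", line):
            applied.setdefault(m[2], []).append(m[1])
    # Resolve after the full pass so ACL/access-group order does not matter;
    # extended ACLs are absent from `acls` and contribute nothing.
    return {n: any(permits_bpdu(acls.get(a, [])) for a in applied.get(n, []))
            for n in names}

def missing_bpdu(config):
    """Interfaces that still need an EtherType ACL permitting BPDUs."""
    return [n for n, ok in audit_bpdu(config).items() if not ok]

if __name__ == "__main__":
    print(missing_bpdu(SAMPLE_CONFIG))
```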

This manual is also suitable for:

7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series
