I have also seen where the VLANs applied to the MSFC via the svclc group
(or firewall vlan-group) do not get passed up to the FWSM. Say VLAN 11 is
not active on chassis 2 but the other VLANs are. So the FWSM in chassis1
and the FWSM in chassis2 have different VLANs. This can cause them to fail
to sync and both go active. Learned this the hard way....
Charles Henson
From: Muhammad Anser Khan <manserkhan_at_gmail.com>
To: Fahad Khan <fahad.khan_at_gmail.com>
Cc: "Joseph L. Brunner" <joe_at_affirmedsystems.com>, "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
Date: 03/19/2010 06:06 AM
Subject: Re: FWSM issue
Here are some troubleshooting steps:
1- Make sure both FWSM must have same software version, license and in
the same routed or transparent mode.
2- Same Vlans should be allowed on both FWSM trunks.
3- Enable "monitor-interface" on all interfaces.
Did you see any logs when both FWSM became Active/Active?
Regards,
Anser
On Fri, Mar 19, 2010 at 1:31 PM, Fahad Khan <fahad.khan_at_gmail.com> wrote:
> version is quite old its 3.1(14)
>
> regards
> Muhammad Fahad Khan
> JNCIP - M/T # 834
> IT Specialist
> Global Technology Services, IBM
> fahad_at_pk.ibm.com
> +92-321-2370510
> +92-301-8247638
> Skype: fahad-ibm
> http://www.linkedin.com/in/muhammadfahadkhan
> http://fahad-internetworker.blogspot.com
> http://www.visualcv.com/g46ptnd
>
>
> On Fri, Mar 19, 2010 at 3:19 PM, Muhammad Anser Khan
<manserkhan_at_gmail.com>
> wrote:
>>
>> Can you post the failover configuration and the FWSM software version ?
>>
>> Regards,
>> Anser
>>
>> On Fri, Mar 19, 2010 at 12:57 PM, swap m <ccie19804_at_gmail.com> wrote:
>> > it'll happens if both FWSM dont see each other on enough monitored
vlans
>> > as
>> > per the defined threshold, but both sides have their vlans UP....link
>> > issues
>> > on inter-chassis trunk, vlan missing on trunk, congestion etc. are the
>> > major
>> > reasons..
>> >
>> > secondly, it may happen if there is a configuration issue or
congestion
>> > on
>> > the failover/stateful link...its recommended to use separate
links/vlans
>> > for
>> > FO and stateful replication to avoid congestion.
>> >
>> > use firewall autostate messages to optimize failover timing.
>> >
>> > search the CCO for split brain situation, you should find few official
>> > recommendations.
>> >
>> > Swap
>> > #19804
>> >
>> > On Fri, Mar 19, 2010 at 11:28 AM, Joseph L. Brunner
>> > <joe_at_affirmedsystems.com
>> >> wrote:
>> >
>> >> Vlans not exist on trunk ???
>> >>
>> >> -----Original Message-----
>> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
Of
>> >> Fahad Khan
>> >> Sent: Friday, March 19, 2010 3:07 AM
>> >> To: ccielab_at_groupstudy.com
>> >> Subject: FWSM issue
>> >>
>> >> HI experts
>> >>
>> >> I have two 6500 switches having FWSM running Active/Passive. suddenly
I
>> >> found the network break down. I found that both the FWSM firewalls
went
>> >> into
>> >> Active mode. I rebooted them, then the problem resolved.
>> >>
>> >> can some body identify it, what would be reason for this happening??
>> >> has
>> >> any
>> >> one face it before??
>> >>
>> >> regards,
>> >>
>> >> Muhammad Fahad Khan
>> >> JNCIP - M/T # 834
>> >> IT Specialist
>> >> Global Technology Services, IBM
>> >> fahad_at_pk.ibm.com
>> >> +92-321-2370510
>> >> +92-301-8247638
>> >> Skype: fahad-ibm
>> >> http://www.linkedin.com/in/muhammadfahadkhan
>> >> http://fahad-internetworker.blogspot.com
>> >> http://www.visualcv.com/g46ptnd
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >>
Received on Fri Mar 19 2010 - 09:05:11 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART