You are correct. I was working off his version. Sometimes "upgrade" is not
an option even though it's the easiest answer so I was working with what I
had.
> version is quite old its 3.1(14)
Charles Henson
From: Farrukh Haroon <farrukhharoon_at_gmail.com>
To: Charles.Henson_at_regions.com
Cc: Muhammad Anser Khan <manserkhan_at_gmail.com>, "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>, Fahad Khan
<fahad.khan_at_gmail.com>, "Joseph L. Brunner" <joe_at_affirmedsystems.com>, nobody_at_groupstudy.com
Date: 03/19/2010 09:47 AM
Subject: Re: FWSM issue
Charles this is a known bug, and was fixed in later FWSM versions (only
happens no reboot).
We faced it once too and learned it the same (hard) way :)
Fahad, please see 'show failover history' to know more about the reason
for the last failover (on both devices). It does not always help, but
still...
On Fri, Mar 19, 2010 at 5:05 PM, <Charles.Henson_at_regions.com> wrote:
I have also seen where the VLANs applied to the MSFC via the svclc group
(or firewall vlan-group) do not get passed up to the FWSM. Say VLAN 11 is
not active on chassis 2 but the other VLANs are. So the FWSM in chassis1
and the FWSM in chassis2 have different VLANs. This can cause them to
fail
to sync and both go active. Learned this the hard way....
Charles Henson
From: Muhammad Anser Khan <manserkhan_at_gmail.com>
To: Fahad Khan <fahad.khan_at_gmail.com>
Cc: "Joseph L. Brunner" <joe_at_affirmedsystems.com>, "
ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
Date: 03/19/2010 06:06 AM
Subject: Re: FWSM issue
Here are some troubleshooting steps:
1- Make sure both FWSM must have same software version, license and in
the same routed or transparent mode.
2- Same Vlans should be allowed on both FWSM trunks.
3- Enable "monitor-interface" on all interfaces.
Did you see any logs when both FWSM became Active/Active?
Regards,
Anser
On Fri, Mar 19, 2010 at 1:31 PM, Fahad Khan <fahad.khan_at_gmail.com> wrote:
> version is quite old its 3.1(14)
>
> regards
> Muhammad Fahad Khan
> JNCIP - M/T # 834
> IT Specialist
> Global Technology Services, IBM
> fahad_at_pk.ibm.com
> +92-321-2370510
> +92-301-8247638
> Skype: fahad-ibm
> http://www.linkedin.com/in/muhammadfahadkhan
> http://fahad-internetworker.blogspot.com
> http://www.visualcv.com/g46ptnd
>
>
> On Fri, Mar 19, 2010 at 3:19 PM, Muhammad Anser Khan
<manserkhan_at_gmail.com>
> wrote:
>>
>> Can you post the failover configuration and the FWSM software
version ?
>>
>> Regards,
>> Anser
>>
>> On Fri, Mar 19, 2010 at 12:57 PM, swap m <ccie19804_at_gmail.com> wrote:
>> > it'll happens if both FWSM dont see each other on enough monitored
vlans
>> > as
>> > per the defined threshold, but both sides have their vlans
UP....link
>> > issues
>> > on inter-chassis trunk, vlan missing on trunk, congestion etc. are
the
>> > major
>> > reasons..
>> >
>> > secondly, it may happen if there is a configuration issue or
congestion
>> > on
>> > the failover/stateful link...its recommended to use separate
links/vlans
>> > for
>> > FO and stateful replication to avoid congestion.
>> >
>> > use firewall autostate messages to optimize failover timing.
>> >
>> > search the CCO for split brain situation, you should find few
official
>> > recommendations.
>> >
>> > Swap
>> > #19804
>> >
>> > On Fri, Mar 19, 2010 at 11:28 AM, Joseph L. Brunner
>> > <joe_at_affirmedsystems.com
>> >> wrote:
>> >
>> >> Vlans not exist on trunk ???
>> >>
>> >> -----Original Message-----
>> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
Behalf
Of
>> >> Fahad Khan
>> >> Sent: Friday, March 19, 2010 3:07 AM
>> >> To: ccielab_at_groupstudy.com
>> >> Subject: FWSM issue
>> >>
>> >> HI experts
>> >>
>> >> I have two 6500 switches having FWSM running Active/Passive.
suddenly
I
>> >> found the network break down. I found that both the FWSM firewalls
went
>> >> into
>> >> Active mode. I rebooted them, then the problem resolved.
>> >>
>> >> can some body identify it, what would be reason for this
happening??
>> >> has
>> >> any
>> >> one face it before??
>> >>
>> >> regards,
>> >>
>> >> Muhammad Fahad Khan
>> >> JNCIP - M/T # 834
>> >> IT Specialist
>> >> Global Technology Services, IBM
>> >> fahad_at_pk.ibm.com
>> >> +92-321-2370510
>> >> +92-301-8247638
>> >> Skype: fahad-ibm
>> >> http://www.linkedin.com/in/muhammadfahadkhan
>> >> http://fahad-internetworker.blogspot.com
>> >> http://www.visualcv.com/g46ptnd
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >>
_______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >>
_______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> >
_______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Mar 19 2010 - 09:52:23 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART