Cisco Cisco Catalyst 6500 Series Firewall Services Module 문제 해결 가이드
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background Information
The failover feature allows a standby FWSM to take over the functionality of a failed FWSM. The two
FWSMs involved must have the same major (first number) and minor (second number) software version,
license, and operating modes (routed or transparent, single or multiple context). When the active unit fails, the
state changes to standby, while the standby unit moves into the active state. After a failover occurs, the same
connection information is available at the new active unit.
FWSMs involved must have the same major (first number) and minor (second number) software version,
license, and operating modes (routed or transparent, single or multiple context). When the active unit fails, the
state changes to standby, while the standby unit moves into the active state. After a failover occurs, the same
connection information is available at the new active unit.
For additional information, refer to the Configuring Failover section of Using Failover.
Failover Checklist
This checklist helps you to successfully configure the failover in FWSM:
Verify the Interfaces
•
Licenses
•
Context Mode
•
Software Requirements
•
Minimal FWSM Configuration for Stateful Failover
•
Minimal Switch Configuration
•
Verify the Interfaces
Verify that all interfaces on the FWSM have a configured standby IP address. If you have not done so already,
configure the active and standby IP addresses for each interface (routed mode), or for the management address
(transparent mode). The standby IP address is used on the FWSM that is currently the standby unit. It must be
in the same subnet as the active IP address.
configure the active and standby IP addresses for each interface (routed mode), or for the management address
(transparent mode). The standby IP address is used on the FWSM that is currently the standby unit. It must be
in the same subnet as the active IP address.
This is an example configuration:
ip address <active−ip> <netmask> standby <standby−ip>
Note: Do not configure an IP address for the failover link or for the state link (if you are going to use Stateful
Failover).
Failover).
Note: You do not need to identify the standby address subnet mask. The failover link IP address and MAC
address do not change at failover. The active IP address for the failover link always stays with the primary
unit, while the standby IP address stays with the secondary unit.
address do not change at failover. The active IP address for the failover link always stays with the primary
unit, while the standby IP address stays with the secondary unit.
Licenses
Both active and standby units must have the same license.
Context Mode
If the primary unit is in single context mode, the secondary unit must also be in single context mode and in the
same firewall mode as the primary unit.
same firewall mode as the primary unit.