Customizing The Fwsm Internal Interface; Configuring The Switch For Failover - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Chapter 2
Configuring the Switch for the Firewall Services Module
Last clearing of "show interface" counters never
Input queue:0/75/0/0 (size/max/drops/flushes); Total output drops:0
Queueing strategy:fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L2 Switched:ucast:196 pkt, 13328 bytes - mcast:4 pkt, 256 bytes
L3 in Switched:ucast:0 pkt, 0 bytes - mcast:0 pkt, 0 bytes mcast
L3 out Switched:ucast:0 pkt, 0 bytes
Customizing the FWSM Internal Interface
The connection between the FWSM and the switch is a 6-GB 802.1Q trunking EtherChannel. This
EtherChannel is automatically created when you install the FWSM. On the FWSM side, two network
processors (NPs) connect to three Gigabit Ethernet interfaces each, and these interfaces comprise the
EtherChannel. The switch distributes traffic to the interfaces in the EtherChannel according to a
distribution algorithm based on session information; load sharing is not performed on a per-packet basis,
but rather on a flow basis. In some cases, the algorithm assigns traffic unevenly between the interfaces
and, therefore, between the two NPs. Aside from not utilizing the full processing potential of the FWSM,
consistent inequity can result in unexpected behavior when you apply resource management to multiple
contexts. (See the
to the algorithm see the command for your operating system:
•
•
Configuring the Switch for Failover
To configure the switch for failover, see the following topics:
•
•
•
OL-6392-01
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
4 packets output, 256 bytes, 0 underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
"Configuring a Class" section on page 5-14
Cisco IOS Software
Router(config)# port-channel load-balance {dst-ip | dst-mac | dst-port | src-dst-ip |
src-dst-mac | src-dst-port | src-ip | src-mac | src-port}
The default is src-dst-ip.
Catalyst operating system software
Console> (enable) set port channel all distribution {ip | mac | session |
ip-vlan-session} [source | destination | both]
The default is ip both.
Assigning VLANs to the Secondary Firewall Services Module, page 2-12
Adding a Trunk Between a Primary Switch and Secondary Switch, page 2-12
Ensuring Compatibility with Transparent Firewall Mode, page 2-12
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Customizing the FWSM Internal Interface
for more information.) To make changes
2-11
Advertisement
Table of Contents
Troubleshooting
