Hardware Bypass Network Modules - Cisco 3110 Hardware Installation Manual

Overview

Hardware Bypass Network Modules

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces
to go into bypass mode so that the hardware forwards packets between these port pairs without software
intervention. Hardware bypass provides network connectivity when there are software or hardware failures.
Hardware bypass is useful on ports where the secure firewall is only monitoring or logging traffic. The
hardware bypass network modules have an optical switch that is capable of connecting the two ports when
needed. The hardware bypass network modules have built-in SFPs.

Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port
4, but you cannot pair Port 1 with Port 4, for example.

Caution
When the secure firewall switches from normal operation to hardware bypass or from hardware bypass back
to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length
of the interruption; for example, behavior of the optical link partner such as how it handles link faults and
debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on.
During this time, you may experience dropped connections.

There are three configuration options for hardware bypass network modules:
• Passive interfaces—Connection to a single port.
For each network segment you want to monitor passively, connect the cables to one interface. This is
how the nonhardware bypass network modules operate.
• Inline interfaces—Connection to any two like ports (10 Gb to 10 Gb for example) on one network module,
across network modules, or fixed ports.
For each network segment you want to monitor inline, connect the cables to pairs of interfaces.
• Inline with hardware bypass interfaces—Connection of a hardware bypass paired set.
For each network segment that you want to configure inline with fail-open, connect the cables to the
paired interface set.
For the 1/10/25-Gb network modules, you connect the top port to the bottom port to form a hardware
bypass paired set. This allows traffic to flow even if the secure firewall fails or loses power.

Note
If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you
cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline
interface set if all the pairs in the inline set are valid hardware bypass pairs.

For More Information
• See Install, Remove, and Replace the Network Module, on page 65 for the procedure for removing
and replacing network modules.
• See 1-Gb SX/10-Gb SR/10-Gb LR/25-Gb SR/25-Gb LR Network Module with Hardware Bypass,
on page 22 for a description of the 1/10/25-Gb network module.

Cisco Secure Firewall 3110, 3120, 3130, and 3140 Hardware Installation Guide
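
The fixed-pair rule and the inline-set restriction described in this section can be checked against a cabling plan before deployment. The following is an added example, not Cisco code or part of the original guide; the module labels, the `Port` type, the function names, and the sample plan are constructed for illustration, and the pair table lists only the two pairs this section names.

```python
from typing import NamedTuple

class Port(NamedTuple):
    module: str   # constructed label for a network module or the fixed ports
    number: int   # port number on that module

# Only the fixed pairs the page names; extend from the module's documentation.
FIXED_BYPASS_PAIRS = {frozenset({1, 2}), frozenset({3, 4})}

def is_bypass_pair(a, b, bypass_modules):
    """True only for a fixed pair on a single hardware bypass module."""
    return (a.module == b.module
            and a.module in bypass_modules
            and frozenset({a.number, b.number}) in FIXED_BYPASS_PAIRS)

def audit_inline_sets(inline_sets, bypass_modules):
    """Map each inline set to (bypass_can_be_enabled, offending_pairs).

    One pair that is not a valid hardware bypass pair makes the whole set
    ineligible, so that set has no fail-to-wire path on failure or power loss.
    """
    report = {}
    for name, pairs in inline_sets.items():
        bad = [(a, b) for a, b in pairs
               if not is_bypass_pair(a, b, bypass_modules)]
        report[name] = (not bad, bad)
    return report

# Constructed inventory and plan; each set is an independent scenario.
BYPASS_MODULES = {"NM-BYPASS"}
PLAN = {
    "all-valid-pairs": [(Port("NM-BYPASS", 1), Port("NM-BYPASS", 2)),
                        (Port("NM-BYPASS", 3), Port("NM-BYPASS", 4))],
    "crossed-pair":    [(Port("NM-BYPASS", 1), Port("NM-BYPASS", 4))],
    "mixed-set":       [(Port("NM-BYPASS", 3), Port("NM-BYPASS", 4)),
                        (Port("FIXED", 1), Port("FIXED", 2))],
}

if __name__ == "__main__":
    for name, (ok, bad) in audit_inline_sets(PLAN, BYPASS_MODULES).items():
        detail = "" if ok else "  offending: " + ", ".join(
            f"{a.module}/{a.number}<->{b.module}/{b.number}" for a, b in bad)
        print(f"{name}: {'bypass eligible' if ok else 'NOT eligible'}{detail}")
```
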
