[c-nsp] Question - FWSM on 6500 switches
David J. Hughes
bambi at Hughes.com.au
Tue Nov 15 18:18:52 EST 2005
On 16/11/2005, at 7:45 AM, Vish Yelsangikar wrote:
> Does anyone have any experiences (both good and bad) with Firewall
> module on 6500?
We tried to implement FWSMs in a pair if 6509 chassis that also
contained a Sup720 and a CSM. We had no end of problems with this
combination. We would see some form of CAM table corruption that end
up punting random packets passing through the CSM into the wrong VLAN.
Take the FWSM out of the equation and the CSM operates as expected.
Very spooky and a nightmare to recreate / diagnose.
The TAC ended up producing a similar situation in the lab but never our
actual problem. The customer impact of this was so great that the
FWSMs were removed from the chassis and returned. We are looking at
delivering virtual firewall instances using pixos 7.x on stand-alone
hardware. I'm not a fan of the "multi service chassis" idea anymore.
It's way too hard to debug when things turn to custard.
David
...
More information about the cisco-nsp
mailing list