Cisco 6503 - Catalyst Firewall Security Sys Witboek - Pagina 12

Blader online of download pdf Witboek voor {categorie_naam} Cisco 6503 - Catalyst Firewall Security Sys. Cisco 6503 - Catalyst Firewall Security Sys 19 pagina's. Catalyst 6500 series chassis and module power and heat values
Ook voor Cisco 6503 - Catalyst Firewall Security Sys: Product Bulletin (6 pagina's), Aanvullende handleiding (3 pagina's), Gegevensblad (30 pagina's), Technische informatie (16 pagina's)

Cisco 6503 - Catalyst Firewall Security Sys Witboek
Dual Router Mode
DRM is the original MSFC configuration for redundant supervisor engine or MSFC configurations. In this mode, both MSFCs
are active routers on the network. Having two active MSFCs in a single chassis does not mean having two separate routers. In
fact, both MSFCs must have a nearly identical configuration, as described below in more detail. The main idea for DRM is
that each MSFC independently builds an accurate picture of the Layer 3 network.
DRM Operation
The failover mechanism between MSFCs in DRM is the Hot Standby Routing Protocol (HSRP). HSRP allows the two MSFCs
to maintain internal communication and react to an MSFC failover. HSRP needs to be configured on both MSFCs for each
VLAN where first hop default gateway redundancy is required. Internal HSRP between MSFCs works in the same manner as
HSRP between physically separate devices by sending hello messages between the routing engines. For more information
about configuring HSRP, see the Cisco IOS Software Configuration Guides at:
http://www/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdip.htm - xtocid26
and
http://www/univercd/cc/td/doc/product/lan/cat6000/sw_7_3/confg_gd/redund.htm
Because both MSFCs have independent routing tables, there is little routing protocol convergence necessary in the event of
an MSFC failure. With DRM and based on HSRP timers, the MSFC failover can be configured to less than three seconds for
LAN interfaces, thus aligning the Layer 3 failover of the MSFC with the supervisor engine failover time.
Because each MSFC has the potential for taking over for the other one, they need to maintain identical configurations. This
is an extremely important point to understand in DRM. Configuration parameters such as interfaces, access lists, policy
routing, etc. must be configured exactly the same on both MSFCs. Parameters that cannot be duplicated on a network such as
IP addresses and HSRP settings are the only parameters that are configured differently on each MSFC.
The MSFC is responsible for programming certain functions of the ASIC hardware on the PFCx. The first MSFC to go online
is considered the designated router and the second MSFC is considered the nondesignated router. In a supervisor engine 1A
system, both the designated router and the nondesignated router are able to program Layer 3 entries into the PFC Netflow table
for routing functions. In a supervisor engine 2 system, only the designated router programs the Layer 3 entries in the PFC2s
Cisco Express Forwarding table. For both a supervisor engines 1A and 2, all router ACLs and multicast shortcuts are
programmed from the designated router. As you can see, the requirement for each MSFC to have an identical configuration
is a necessity. If the MSFCs in DRM have different configurations, the forwarding ASICs will be programmed incorrectly
resulting in unexpected behavior.
MSFC Configuration Synchronization
Beginning with the MSFC Cisco IOS Software Release 12.1(3a)E4, an MSFC redundancy feature called config-sync has been
available to streamline the redundant MSFC configuration process for both MSFC and MSFC2. This feature can be used to
simplify configuration of the two MSFCs and to ensure that the MSFC configurations match. Both the startup and running
configurations between the designated (primary) and nondesignated (secondary) MSFCs are synchronized. Specifically, when
a write memory or copy <source> startup-config command is issued on the designated MSFC, the startup configurations in
NVRAM of both MSFCs are updated. This allows the configurations on the designated and nondesignated MSFCs to maintain
the same configuration without having to manually type each command twice.
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 12 of 19