Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

LAN Based Failover

Status
Not open for further replies.
bugskumar

bugskumar

Technical User
Jan 11, 2006
18
0
0
US
Cisco specifically recommends not to use a crossover cable between the primary and secondary units for failover.

My company's been using crossover cables for a while now, and now that I'm replacing the PIXs with new upgraded ones, I'm not sure if a crossover cable should be used.

Why does Cisco recommend not using the crossover cable?

Any ideas?

Thanks
 
Sort by date Sort by votes
It's a very good question actually. I too have seen numerous Cisco references saying don't use crossover cables for the failover connection. I can understand that if the inside interfaces in question were a GBIC connection for instance.

But I don't see why you can't use a direct cable for a standard 100mb ethernet connection.
 
Upvote 0 Downvote
I think the main reason could be the configuration of the network before or after the Pix. If you had redundant switches behind the failover pair and one of the lines to the switch went down, say the line that made them redundant, the Pix would never know to failover if the cable was directly connected to the other Pix the failover would never detect a problem, although failover might not occur either way, it is a good way to be alerted if there is a network issue due to loss of failover communications.
 
Upvote 0 Downvote
NetworkGhost, whenever I've seen Cisco talk about LAN based failover they actually say 'You CANNOT use a crossover cable' not 'you shouldn't use..' or 'Cisco recommends against using..'

They word it as if it simply won't work which I don't really agree with..

You could argue adding various switches to terminate each PIX, you are introducing more single points of failure. 2 PIX's side by side with a little Xover between them probably won't get disturbed much and cables that aren't disturbed much are likely to remain fault-free.

It's a curious one and I've never understood Cisco's *cannot do this* approach concerning it.
 
Upvote 0 Downvote
Read This and do a find for crossover. Looks like they dont have a problem in this doc anyways.


The Stateful Failover interface can be connected to any of the following:

* Cat 5 crossover cable directly connecting the primary unit to the secondary unit.

* 100BaseTX half duplex switch using straight Cat 5 cables.

* 100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch.

* 1000BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch.


Two identical PIX Firewall units with a Fast Ethernet or Gigabit Ethernet LAN port dedicated to Stateful Failover are required. Connect the LAN ports for Stateful Failover on both PIX Firewall units with a crossover cable or through a switch. Full duplex is required between the Stateful Failover ports.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TierOneTech
  • Locked
  • Question
TZ105 - can I define a second WAN interface for failover?
Replies
1
Views
42
jcarmichael1203
jcarmichael1203
shmideo
  • Locked
  • Question
How to set up a wireless LAN on X5 interface TZ500
Replies
1
Views
56
shmideo
shmideo
RodneyMcSnow
  • Locked
  • Question
Hardware firewall bypassed access to the lan network. Please Help! No it's not a root kit or virus
Replies
1
Views
42
ChrisHirst
ChrisHirst
dgoradia
  • Locked
  • Question
Second public IP NAT to LAN
Replies
0
Views
37
dgoradia
dgoradia
MartinUMBT
  • Locked
  • Question
Failover / Load Balancing Interface that are not WAN
Replies
0
Views
33
MartinUMBT
MartinUMBT

Part and Inventory Search

Sponsor

Back
Top