https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801100#M969995 <HTML><HEAD></HEAD><BODY><P>Stephane</P><P></P><P>Not sure i follow. Your original question was about not being able to share a vlan across contexts and i pointed out that you can. </P><P></P><P>As far as statics are concerned, yes you need to setup static translations because the classifier first looks at the vlan interface the packet comes in on but as the vlan is shared it then needs a translation to work out which context to use. </P><P></P><P>Could you explain what you mean regarding static routes ? </P><P></P><P>Jon</P></BODY></HTML> Wed, 12 Sep 2007 06:14:10 GMT Jon Marshall 2007-09-12T06:14:10Z https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801095#M969990 <P>Hi,</P><P></P><P>I've noticed that for a reason, you cannot assign the same vlan onto multiple context within the FWSM.</P><P></P><P>Is there a way to go around this limitation? Does anybody know if this will be addressed.</P><P></P><P>Regards,</P><P></P><P>Stephane</P> Mon, 11 Mar 2019 11:07:06 GMT https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801095#M969990 stephg 2019-03-11T11:07:06Z https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801096#M969991 <HTML><HEAD></HEAD><BODY><P>Hi Stephane </P><P></P><P>You should be able to as the FWSM supports the concept of a shared vlan between contexts. On our production FWSM's we have a vlan for the outside interfaces that is shared between contexts so each outside interface has an IP address out of the same subnet. </P><P></P><P>Jon</P></BODY></HTML> Wed, 05 Sep 2007 13:47:13 GMT https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801096#M969991 Jon Marshall 2007-09-05T13:47:13Z https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801097#M969992 <HTML><HEAD></HEAD><BODY><P>Hi Jon,</P><P></P><P>I thought that multiple contexts within the same fwsm share the same mac address. Is this correct</P></BODY></HTML> Wed, 05 Sep 2007 15:03:37 GMT https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801097#M969992 stephg 2007-09-05T15:03:37Z https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801098#M969993 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Taken from our production FWSM</P><P></P><P>Admin context</P><P>=============</P><P>Interface vlan241 "outside", is up, line protocol is up</P><P> MAC address 0015.624a.4780, MTU 1500</P><P> IP address 10.181.107.132, subnet mask 255.255.255.128</P><P></P><P></P><P>ebus context</P><P>============</P><P>Interface vlan241 "outside", is up, line protocol is up</P><P> MAC address 0015.624a.4780, MTU 1500</P><P> IP address 10.181.107.134, subnet mask 255.255.255.128</P><P></P><P>So yes they do share the same mac-address bur remember that these are purely virtual interfaces. How the FWSM decides which context to send the traffic to is all to do with the classifier and indeed when you share a vlan you do have to be aware of how the FWSM clasifier works or it can be quite confusing <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Jon</P></BODY></HTML> Wed, 05 Sep 2007 16:27:43 GMT https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801098#M969993 Jon Marshall 2007-09-05T16:27:43Z https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801099#M969994 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>But using the classifier, you had to create a static nat to get it working. On top of it I would need to cascade contexts, which I think does not work.</P><P></P><P>Why does'nt the fwsm now it's own ip's and that you have to NAT to get it working.</P><P></P><P>Wouldn't static routes work</P></BODY></HTML> Tue, 11 Sep 2007 16:55:31 GMT https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801099#M969994 stephg 2007-09-11T16:55:31Z https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801100#M969995 <HTML><HEAD></HEAD><BODY><P>Stephane</P><P></P><P>Not sure i follow. Your original question was about not being able to share a vlan across contexts and i pointed out that you can. </P><P></P><P>As far as statics are concerned, yes you need to setup static translations because the classifier first looks at the vlan interface the packet comes in on but as the vlan is shared it then needs a translation to work out which context to use. </P><P></P><P>Could you explain what you mean regarding static routes ? </P><P></P><P>Jon</P></BODY></HTML> Wed, 12 Sep 2007 06:14:10 GMT https://community.cisco.com/t5/network-security/multiple-fwsm-context-on-same-vlan/m-p/801100#M969995 Jon Marshall 2007-09-12T06:14:10Z