Re: fwsm inside interface with svi(w/o ip address) in the switch

sding2006 · ‎11-16-2007

I am running FWSM 3.2(1) code and catalyst 6500 IOS 12.2(SXF11)

in the switch:

vlan 100 name outside

vlan 200 name inside

int vlan 100

description - outside

ip address 10.128.252.1 255.255.255.0

int vlan 200

description - inside

no ip address

in the FWSM

context test

int vlan 200

nameif outside

bridge-group 1

security-level 0

int vlan 100

nameif inside

bridge-group 1

security-level 100

int bvi1

ip address 10.128.252.2 255.255.255.0

But this is not working. we can ping the 10.128.252.2 from the switch, can't ping anything beyond that in the inside LAN. Within inside LAN, communication within is fine, but can't beyond gateway. What's the cause?

Why do we have a SVI for inside interface without IP address?

At one time, we hade firewall issue, so we just created a new svi to bypass the firewall after shutdown the int vlan100.

Thanks for the explanation.

rigoberto.cintron · ‎11-16-2007

Check this,

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/exampl_f.html#wp1029042

I hope this help

sding2006 · ‎11-16-2007

Sure, I looked at this before :-)

My question is

shutdown/no shutdown the inside vlan SVI w/o IP address will have such big effect.

I am having hard time try to understand this.

rigoberto.cintron · ‎11-16-2007

Well the SVI interface in the Supervisor will be use for management of the switch and internal/external routing. You will always need an SVI with an IP to manage the switch, but doesn't have to be in a vlan assign to the FWSM.

fwsm inside interface with svi(w/o ip address) in the switch not working