05-08-2007 09:57 AM - edited 03-11-2019 03:10 AM
I'm unable to find any documentation with regards to adding a vlan to vlan-group that has multiple vlans already and whether it would be an atomic operation, i.e. the new vlan is added on, rather than reconfigured with a new list of vlans.
Here is an example:
I have 3 vlans with ids 100, 200, 300. I have one vlan-group 51, where these 3 vlans are assigned. This one vlan-group is already assigned to the FWSM module.
# show firewall vlan-group
Group   Created by   vlans
-----   ----------   -----
51      FWSM         100,200,300
# show firewall module
Module   Vlan-groups
------   -----------
09       51
If I were to add another vlan (400) onto vlan-group 51 like so:
(config)# firewall vlan-group 51 100,200,300,400
Would this be an atomic operation?
I'm assuming it is, as it wouldn't make sense to not be an atomic operation on a continuously reconfigured switch. But I just wanted to check and see if there was any documentation stating this fact.
05-08-2007 10:13 AM
Hi
I believe it is as well, although I haven't seen it stated in the docs.
Rather than type the entire list out again you can just do
(config)# firewall vlan-group 51 400
which does suggest it does get added. Are you concerned that service might temporarily be disrupted on existing vlans?
If so, I can check in our lab tomorrow.
HTH
Jon
05-08-2007 10:38 AM
Yes, my concern was the interaction on the FWSM and whether it would impact current connection states.
Thank you for supplying the 'added' suggestion. I was always wondering whether that would append on the vlan. That is something that I couldn't find either.
For documentation and the search engines, to remove a vlan from a vlan-group, you can do:
(config)# no firewall vlan-group 300
05-09-2007 03:58 AM
Hi
Just a quick follow up.
I thought I'd test this in the lab anyway, so I set off a continuous ping to a server in one of my DMZs and also started up an ssh session.
I then added a new vlan to the switch with the firewall vlan-group x "vlan number" command and there was not a blip. My ssh session was fine and there was no packet loss on the ping.
Just thought you'd like to know
Jon
05-21-2020 12:23 AM