Solved: FWSM--adding vlan to vlan-group

ippolito · ‎05-15-2008

We have an FWSM running in transparent mode with multiple contexts. I need to add two new vlans (one inside, one outside). Currently my config shows this, which includes three "firewall vlan-group" statements, each with a comma-separated list of vlan numbers:

firewall module 13 vlan-group 1

firewall vlan-group 1 [vlan list]

My question is: when I add the two new vlans, do I have to simply issue an additional "firewall vlan-group" statement with the two new vlan numbers, like this?

firewall vlan-group 1 10,20

Or do I have to issue a new statement that includes ALL of the existing vlans, like this?

firewall vlan-group 1 [all previously existing vlans],10,20

In other words, will my changes overwrite my existing list if I only add the two new vlans? I obviously don't want to lose connectivity by erasing all my vlans.

It would be less nerve-wracking if the statement included syntax for "adding" a vlan, similar to the syntax for "switchport trunk allowed vlan add".

Thanks

Mike

Jon Marshall · ‎05-15-2008

Mike

You do not have to list all the existing vlans. You can just list the new vlans and these will be added to your config without overwriting what is already there.

Jon

View solution in original post

Jon Marshall · ‎05-15-2008

Mike

You do not have to list all the existing vlans. You can just list the new vlans and these will be added to your config without overwriting what is already there.

Jon

ippolito · ‎05-15-2008

Thanks for the reply -- that worked.

Mike