05-15-2008 07:35 AM - edited 03-11-2019 05:45 AM
We have an FWSM running in transparent mode with multiple contexts. I need to add two new vlans (one inside, one outside). Currently my config shows this, which includes three "firewall vlan-group" statements, each with a comma-separated list of vlan numbers:
firewall module 13 vlan-group 1
firewall vlan-group 1 [vlan list]
firewall vlan-group 1 [vlan list]
firewall vlan-group 1 [vlan list]
My question is: when I add the two new vlans, do I have to simply issue an additional "firewall vlan-group" statement with the two new vlan numbers, like this?
firewall vlan-group 1 10,20
Or do I have to issue a new statement that includes ALL of the existing vlans, like this?
firewall vlan-group 1 [all previously existing vlans],10,20
In other words, will my changes overwrite my existing list if I only add the two new vlans? I obviously don't want to lose connectivity by erasing all my vlans.
It would be less nerve-wracking if the statement included syntax for "adding" a vlan, similar to the syntax for "switchport trunk allowed vlan add".
Thanks
Mike
Solved! Go to Solution.
05-15-2008 11:37 AM
Mike
You do not have to list all the existing vlans. You can just list the new vlans and these will be added to your config without overwriting what is already there.
Jon
05-15-2008 11:37 AM
Mike
You do not have to list all the existing vlans. You can just list the new vlans and these will be added to your config without overwriting what is already there.
Jon
05-15-2008 12:52 PM
Thanks for the reply -- that worked.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide