cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
470
Views
0
Helpful
5
Replies

fwsm disgining issue

Madhan Kumar
Beginner
Beginner

Hi all,

One of my client recently purchased two FWSM modules and placed it on the 6509E switch. The switch is already in production. The traffic is not yet diverted to the modules. My clients requirement is he want 10 G throghput. The switch is already having 100 vlans and he wants to put only 5 vlans on inside and remaining vlan should be on outside. I am totally new to FWSM and no idea about how to design this requirement. Anyone please help How can I design and plan this implementation. Your help is really appreciable.

Thank you...

Rgds

R.MADHANKUMAR

1 ACCEPTED SOLUTION

Accepted Solutions

I meant to have

5vlans---FWSM---newvlan----switch SVI--------95vlans on the switch.

You might need to make SVIs and routing changes on the switch depending on the setup.

Please rate helpful posts.

PK

View solution in original post

5 REPLIES 5

Panos Kampanakis
Cisco Employee
Cisco Employee

The FWSM can do maximum 5.5Gbps. Real world traffic it can do less than that.

Your best bet would be to use both FWSMs. I would make sure I split the traffic between the 2 and put vlans behind it so that the traffic that flows through it is not more that 4-5Gbps.

Here is a logical diagram

     up to 4-5Gbps

vlans----FWSM1-----

                            | ----outside

vlans----FWSM2-----

     up to 4-5Gbps

I hope it helps.

PK

Hi Pk,

Thanks for your reply. As per your idea I will split the traffic and place the vlans. I have 100 vlans running at switch and I want to place only 5 vlans inside and remaining vlans should be outside. Is it possible?. If it is possible I have to create all inerface vlans at FWSM like 5 vlans are inside and the reamining vlans are outside and route the traffic to the outside vlans?. Expecting your valuable suggestions. There is no internet in this site and it is a intranet kind of setup.

You can of course push all the vlans on the FWSM and have the FWSM firewall the outside vlans and the 5 other vlans.

You can also put the 5 vlans behind the FWSM/s and have the outside being a new SVI on the switch and then the switch routing to all the other vlans. That can be done also. So you don't need to push all the vlans to the FWSM/s.

I hope it makes sense.

PK

Hi PK,

Would you please little bit elaborate. I am just confused to place vlans on the module. If I create all 95 interface vlans as outside interfaces then it seems a big task to route all inside vlan traffic to outside vlans.

I meant to have

5vlans---FWSM---newvlan----switch SVI--------95vlans on the switch.

You might need to make SVIs and routing changes on the switch depending on the setup.

Please rate helpful posts.

PK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: