Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
2
Replies

Is the number assigned for "firewall-group" on 6509 significant?

jnorth
Level 1
Level 1

‎11-18-2011 02:39 AM - edited ‎03-11-2019 02:52 PM

Is there any significance to the parameter "firewall-group" in the command

firewall vlan-group <firewall-group> <vlan-id>…<vlan-id>?

In other words is the series of commands

firewall switch 1 module 3 vlan-group 1,2

firewall vlan-group 1 100,101,102

firewall vlan-group 2 200,201,202

exactly equivalent to

firewall switch 1 module 3 vlan-group 3

firewall vlan-group 3 100,101,102,200,201,202

or

firewall switch 1 module 3 vlan-group 1,2,3

firewall vlan-group 1 100,200

firewall vlan-group 2 101,201

firewall vlan-group 3 102,202

All three of these options associate the same set of  vlans to the FWSM but using different groupings. As far as I can tell, these groupings have no functional significance either on the switch side or the FWSM side. These are simply three different ways of specifying exactly the same thing? Am I correct?

Labels:
0 Helpful
2 Replies 2

ajay chauhan
Level 7
Level 7

‎11-18-2011 05:11 AM

Hi,

Cisco says-

you can assign all the VLANs to one group, or you can create an inside group and an outside group, or you can create a group for each customer.

even though there isn't a practical reason to do so.

Thanks

Ajay

0 Helpful

jnorth
Level 1
Level 1
In response to ajay chauhan

‎11-19-2011 07:21 PM

Thanks. So it is a completely meaningless construct. I wonder why the CLI is not simply something like

firewall switch 1 module 3 vlan 100,101,102

firewall switch 1 module 3 vlan 200,201,202

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card