Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
2
Replies

Problem allocating vlans from a 6500 switch to the FWSM

CSCO10576352
Level 1
Level 1

‎09-25-2007 11:19 AM - edited ‎03-11-2019 04:16 AM

Hi, I have run into a strange problem when attempting to allocate VLANs from a 6500 switch (running CATOS) to a FWSM running in multiple context mode located within the 6500 chassis. The issue is that when I enter the command on the 6500 to include two new vlans for use with the FWSM the new VLANs do not appear under the FWSM module config section on the switch to show that they have now been included for use with the FWSM. To clarify this, prior to adding the new VLANs to the current configuration the relevant line of config is for example:

set vlan 100,200,300,400,500,600 firewall-vlan 10

when the following command is issued on the switch to include the two new VLANs 700 and 800:

set vlan 100,200,300,400,500,600,700,800 firewall-vlan 10

then when the output is examined with a show run the new VLANs are not included as I again see:

set vlan 100,200,300,400,500,600 firewall-vlan 10

No error messages are thrown up by the switch and the FWSM shows the VLANs have been allocated as desired but the firewall does not seem to pass traffic all trafic despite the relevant connections getting built, it seem the traffic never gets passed from the FWSM context to the VLAN it resides on.

This configuration has worked on an identical switch/fwsm setup with no issues. I have been through all the config and can see no obvious problems.

For info the VLANS are configured and active on the switch.

Interestingly when looking at what VLANs are being trunked by the FWSM ports 1-6, ports 1-4 carry the new VLANs but ports 5&6 do not. This is not the case on the other switch which is working as all 6 trunks carry the new VLANs.

Can anyone shed any light on what may be the issue here?

If any further info is required please ask.

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

vkapoor5
Level 5
Level 5

‎10-04-2007 06:29 AM

The FWSM does not include any external physical interfaces. Instead, it uses internal VLAN interfaces. For example, you assign VLAN 201 to the FWSM inside interface, and VLAN 200 to the outside interface. You assign these VLANs to physical switch ports, and hosts connect to those ports. When communication occurs between VLANs 201 and 200, the FWSM is the only available path between the VLANs, forcing traffic to be statefully inspected.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/configuration/guide/overvw.html#wp1115796

0 Helpful

CSCO10576352
Level 1
Level 1
In response to vkapoor5

‎10-04-2007 07:01 AM

Hi, thanks for the reply. I am aware how the VLANs operate in regard to the FWSM. The actual issue is that the VLANs are not be allocated correctly to the FWSM from the CAT. A show trunk on the FWSM shows that only 4 out of the 6 trunks between the FWSM and the CAT are actually trunking the new VLANs. Additionally the new VLANs do not show up in a show run on the CAT to show they are being allocated to the FWSM.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card