Solved: FWSM cisco 6500 limits vlan-group on module

jsimons · ‎09-29-2006

With a FWSM license of 20 firewalls,

no more than 16 vlan-groups are allowed for one module.

Whats the limit of the vlan-groups with a license of 50 or higher ?

ethiel · ‎09-29-2006

Lowen is right, you can actually map all of your VLANs to the module with a single group. Then inside the system context you decide which VLANs map to which contexts.

In answer to your question lowen, yes you can map multiple groups to one module. I acutally do that sometimes, even though there isn't a practical reason to do so.

- Eric

View solution in original post

lowen · ‎09-29-2006

I don't understand the question. If you're talking about firewall vlan-groups on the switch/router, you only need 1 vlan-group for each fwsm (or failover pair), regardless of the number of contexts. Can you actually assign multiple firewall vlan-groups to a module?

If you're talking about the vlans in a firewall vlan-group, where does this information about the restriction come from? You could have 16 vlans for a single transparent context (with 8 bvi's), which would imply you could have 320 vlans w/20 contexts. I've never seen anything about a restriction related to vlan-groups.

ethiel · ‎09-29-2006

Lowen is right, you can actually map all of your VLANs to the module with a single group. Then inside the system context you decide which VLANs map to which contexts.

In answer to your question lowen, yes you can map multiple groups to one module. I acutally do that sometimes, even though there isn't a practical reason to do so.

- Eric

jsimons · ‎10-02-2006

I think you answered my question.

I had a vlan-group configured for each context

( 16- was the limit).This wasn't necessary,

I can use only one vlan-group for all of the contexts.

Okee,thanks Lowen en Ethiel.