FWSM issue

mredel
Level 1

CAT 6513 IOS ver.12.2(18)SXF4

FWSM ver. 3.1(1)

Firewall module in slot 5 of 6513.

Firewall is set up for multiple context mode.

I have the following config on the switch:

    firewall multiple-vlan-interfaces
    firewall module 5 vlan-group 1
    firewall vlan-group 1 2
    interface vlan 2
     ip address 10.1.1.1 255.255.255.0
     no shut

I can create a new context on the firewall and allocate an interface to that context.

The FWSM shows this interface as up/up:

    Interface Vlan2 "", is up, line protocol is up
      Hardware is EtherSVI
      Available for allocation to a context
      MAC address 0015.63bc.eb00, MTU not set
      IP address unassigned

However, when I try to assign an IP address or set the security level for the interface, it fails; basically, the commands "nameif" and "ip address" are not available.

At this point, I am only looking to get an IP address assigned so that I can copy the latest ASDM file and manage via the GUI.

Any thoughts?

1 Reply 1

gfullage
Cisco Employee

Sounds like you haven't changed into the new context that you created. The "nameif" and "ip address" commands are only available in the specific context. You assign the interfaces to each context from the system context, but then you actually configure those interfaces from within the contexts themselves.

Have a good read of http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_3_1/fwsm_cfg/contxt_f.htm to get a good understanding of how they work. To be honest, if you don't really need contexts then I would stay away from them, they can get confusing.

Also keep in mind that commands like "copy" from the system context use the interfaces and IP addresses assigned to the "admin" context, so you need to assign your IP addresses, etc. to that context if you want to be able to download software onto the flash on the system context.
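
The split the reply describes, written out as an added example that is not part of the original thread: the VLAN is allocated in the system execution space, and the interface is named and addressed only after changing into the context. It assumes the context being configured is the admin context and is named "admin"; the interface name "inside", security level 100, the address 10.1.1.2 and the file name admin.cfg are constructed values.

```cisco
! --- System execution space ---
! Only allocation happens here; "nameif" and "ip address" do not exist
! at this level, which is what the original post ran into.
configure terminal
context admin
  allocate-interface vlan2
  config-url disk:/admin.cfg
  exit
exit
!
! --- Change into the context (assumed name: admin) ---
changeto context admin
configure terminal
interface vlan 2
  ! Constructed values: name, security level and address are assumptions.
  ! 10.1.1.2 is chosen only to sit in the same subnet as the switch SVI
  ! (10.1.1.1) shown in the question.
  nameif inside
  security-level 100
  ip address 10.1.1.2 255.255.255.0
  exit
exit
!
! --- Back to the system execution space ---
! "copy" run from here uses the admin context's interfaces and addresses,
! so the addressing above has to be in place before downloading to flash.
changeto system
```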