We need to add a new IP range in the Network. In my network there are lot of Context in FWSM. Now to add a new network, I have created a new vlan and allowed to FWSM and same created in Context. but the vlan is not getting up in FWSM and Context.
Please help me out on this.
First, vlan needs to be active on the switch (sh vlan - will show you if the vlan has been configured).
Secondly, you would need to assign the vlan to the firewall (sh run | i firewall - will show you if the vlan has been assigned to the firewall).
Thirdly, you should see that vlan in the system context, and you would need to assign them into the context (show run context - will show you if the vlan has been allocated to the context yet).
Hope that helps.
All these process has been done and fine. in the context the new vlan is showing down. its not getting up.
What to do to make this vlan up.
find the output in RED.
FWSM-1/CDR# show int ip brief
Interface IP-Address OK? Method Status Prot
Vlan101 172.19.60.4 YES CONFIG up up
Vlan112 10.128.112.254 YES CONFIG up up
Vlan301 172.16.11.254 YES CONFIG up up
Vlan302 172.16.12.254 YES CONFIG up up
Vlan303 172.16.13.254 YES manual down down
What does it mean that one host need to have in that vlan. I did not get you. I am creating a vlan in FWSM context, can you give me the configuration pls. how do I allowed a host to that vlan in context.
in case of switch, if create a vlan and that vlan is not allowed in any access port or trunk port then the vlan must be in down mode. But in case of FWSM how do i do that.
Please it will be big help for me. if you can give me the configuration.
Config on the switch
firewall vlan-group 1 10
firewall module 1 vlan-group 1
So FWSM in slot 1 will now see vlan 10. But if there is no switchport in vlan 10, the interface will be down in the FWSM also.