Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1594
Views
0
Helpful
6
Replies

new vlan creating problem in FWSM Context

goutam_04
Level 1
Level 1

‎04-11-2010 05:17 AM - edited ‎03-09-2019 10:54 PM

Hi,

We need to add a new IP range in the Network.  In my network there are lot of Context in FWSM.  Now to add a new network, I have created a new vlan and allowed to FWSM and same created in Context.  but the vlan is not getting up in FWSM and Context.

Please help me out on this.

Labels:
0 Helpful
6 Replies 6

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-11-2010 06:35 AM

First, vlan needs to be active on the switch (sh vlan - will show you if the vlan has been configured).

Secondly, you would need to assign the vlan to the firewall (sh run | i firewall - will show you if the vlan has been assigned to the firewall).

Thirdly, you should see that vlan in the system context, and you would need to assign them into the context (show run context - will show you if the vlan has been allocated to the context yet).

Hope that helps.

0 Helpful

goutam_04
Level 1
Level 1
In response to Jennifer Halim

‎04-11-2010 07:41 AM

All these process has been done and fine.  in the context the new vlan is showing down.  its not getting up.

What to do to make this vlan up.

find the output in RED.

FWSM-1/CDR# show int ip brief

Interface                  IP-Address      OK? Method Status                Prot                                                                           

Vlan101                    172.19.60.4     YES CONFIG up                    up

Vlan112                    10.128.112.254  YES CONFIG up                    up

Vlan301                    172.16.11.254   YES CONFIG up                    up

Vlan302                    172.16.12.254   YES CONFIG up                    up

Vlan303                    172.16.13.254   YES manual down                  down

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to goutam_04

‎04-11-2010 02:57 PM

Please go back to system context, and "no shut" the interface.

System context:

interface vlan 303

     no shut

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to goutam_04

‎04-12-2010 11:16 AM

You need to have a least one host in that vlan for it to come up.

I hope it helps.

PK

0 Helpful

goutam_04
Level 1
Level 1
In response to Panos Kampanakis

‎04-13-2010 01:20 AM

What does it mean that one host need to have in that vlan.  I did not get you.  I am creating a vlan in FWSM context,  can you give me the configuration pls. how do I allowed a host to that vlan in context.

in case of switch, if create a vlan and that vlan is not allowed in any access port or trunk port then the vlan must be in down mode.  But in case of FWSM how do i do that.

Please it will be big help for me.  if you can give me the configuration.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to goutam_04

‎04-13-2010 06:56 AM

Config on the switch

vlan 10

firewall vlan-group 1 10

firewall module 1 vlan-group 1

So FWSM in slot 1 will now see vlan 10. But if there is no switchport in vlan 10, the interface will be down in the FWSM also.

PK

0 Helpful
Customers Also Viewed These Support Documents