Using FWSM as a promiscous port in a PVLAN setting

tmcmurray · ‎11-17-2004

Hello. I would like to configure a private vlan (PVLAN) to use an internal FWSM (6509) as a router. I understand that the FWSM uses 6 "ports" with which it speaks to the sup720, question is What is the port that I could set to promiscous mode?

As an example, if I were using an MSFC to route, I would set 16/1 to promiscous.

nkhawaja · ‎12-04-2004

Could you elaborate. What do you mean by setting a port in promiscous mode? I dont think these ports are configurable.

thanks

Nadeem

cookia · ‎02-15-2005

Hi,

I have a similar query regarding Private Vlans and FWSM.

My understanding is that when creating PVlans you assign a Primary Vlan eg. 100 and associate secondary Pvlans to it, either community or isolated.

In order to enable out of Vlan access you need to define either physical Layer 2 ports as promiscous (as these should connect to Routers), or Layer 3 Vlan Ports.

This works fine for a switch with MSFC or in my instance a Sup720.

But can you do it with an onboard FWSM?

These have 6 virtual ports based on slot inserted, mine for example is in slot 3 and it shows as 3/1, 3/2, 3/3, 3/4, 3/5, 3/6 (I found this while implementing qos and a "show mls qos").

But in running config these interfaces do not appear.

Can you assign FWSM virtual ports as promiscous, or is FWSM incompatible with Private Vlans?

Many thanks!

ishah · ‎02-18-2005

Hi,

Sorry - one of the limitations of FWSM virtual interfaces is that you cannot use it with PVLANs

You can use MSFC or a external firewall or layer 3 device.

rafals · ‎02-21-2005

The usage of private vlans is not yet supported

with FWSM but is planned for release with version 3.1 of the FWSM software - information from Cisco TAC.

cookia · ‎02-22-2005

Cheers Guys!