cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Unable to establish management session to context on FWSM through VLAN

892
Views
0
Helpful
0
Comments

Core issue

In this issue, it is not possible to establish management connection to context on the Cisco Firewall Services Module (FWSM) through VLAN unless the access-list permit ip any any log command is applied on interface vlan. This issue usually occurs if the switch is configured for Distributed EtherChannel.

FWSM does not support packet re-circulation. Packet re-circulation is a specific means to forward packets internally to the chassis between the modules.

Resolution

In order to resolve this issue, force fabric-enabled modules into bus switching mode. This example shows how to force fabric-enabled modules into flow-through switching mode:

        Switch(config)#fabric switching-mode force bus-mode

This command forces all affected service modules to communicate through the chassis shared bus instead of the switched fabric, which forces the Supervisor to handle the packet re-circulation centrally instead of the service module. This command also allows the service modules to communicate properly on VLANs.