FWSM and ACE VLAN Assignment
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2007 04:28 AM
Hi all,
Just a quick one, I?m trying to find some documentation on interoperability using the FWSM and ACE line cards for the 6500 series. Basically my question is once a VLAN has been assigned to the FWSM can be assigned to the ACE as well (at the same time) or does traffic need to pass through MSFC?
Many thanks in advance
- Labels:
-
Server Networking
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2007 05:37 PM
When allocating VLANs to a vlan-group, be aware "a specific VLAN can only be allocated to one vlan-group". This requirement can dictate the use of multiple vlan-groups.
Either firewall or svclc commands can be used to define a vlan-group. However, the firewall command must be used to allocate vlan-groups to a FWSM, and the svclc command must be used to allocate vlan-groups to an ACE module.
for example
In this example VLANs 100 and 200 need to be allocated to the FSWM and VLANs 200 and 300 allocated to the ACE module. Due to the vlan-group constraint, an additional vlan-group must be allocated for the shared VLAN between the FWSM and ACE modules.
firewall vlan-group 30 100
firewall vlan-group 50 200
svclc vlan-group 70 300
firewall module 3 vlan-group 30
firewall module 3 vlan-group 50
svclc module 4 vlan-group 50
svclc module 4 vlan-group 70
hope it helps
Syed Iftekhar Ahmed
