Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
0
Helpful
2
Replies

connecting a VRF mapped svi with a global SVI with FWSM

Go to solution
Gizmo37QC
Level 1
Level 1

‎01-22-2010 08:42 AM - edited ‎03-06-2019 09:24 AM

Hi, with the help of a couple user here (thanks a lot again), we set up a FWSM in a 6513 chassis . we have set an admin context in routed mode and working. Now we have set a context in transparent mode.

Interface A is linked to a svi on the global router.

Interface B is linked to a svi mapped in a VRF

Before the assignement of vlan-group, svi A dont see svi B in the VRF.

Now The vlan are assigned and the bvi is set. there is a rule who permit icmp on both interface.

When we are in CLI in the context, we can ping SVI A at the global router. We can ping SVI B at the VRF.  The VRF can ping the bvi . The global router can ping the bvi also.

BUT, the VRF can NOT ping the global router nor the global router can ping the VRF svi and dont see anything in the log monitor.

We permit ip any any on both interface

We permit any ethertype rule also.

Is there something to do in the global router or the FWSM to allow these 2 SVI to exchange communication ?

Thanks !

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-22-2010 10:00 AM

Hello Gizmo,

happy to see that work is in progress

have you modified the MAC address used by one SVI so that they don't see to have the same MAC address?

other thought: you may need to permit ARP traffic that is not IP

>>

We permit ip any any on both interface

We permit any ethertype rule also.

well try the first trick

Edit:

have you assigned a security level to the two interfaces vlan on the transparent context?

set a different security level on the two.

Hope to help

Giuseppe

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-22-2010 10:00 AM

Hello Gizmo,

happy to see that work is in progress

have you modified the MAC address used by one SVI so that they don't see to have the same MAC address?

other thought: you may need to permit ARP traffic that is not IP

>>

We permit ip any any on both interface

We permit any ethertype rule also.

well try the first trick

Edit:

have you assigned a security level to the two interfaces vlan on the transparent context?

set a different security level on the two.

Hope to help

Giuseppe

0 Helpful

Go to solution
Gizmo37QC
Level 1
Level 1
In response to Giuseppe Larosa

‎01-22-2010 10:25 AM

yep, basic communication is working after i modify mac on the vrf-svi. Do you  know if there is any 'rule' for mac we can use when we do this ?  i only replace the first digit from 0 to 1 for now.

Next week we will go with more communication with servers and host, also exchange route between the vrf and the global router.

Thanks a lot again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card