Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
8786
Views
0
Helpful
5
Replies

firewall vlan-group: adding vlans to exisiting vlan-group

sean.gray
Level 1
Level 1

‎11-28-2008 06:18 AM - edited ‎03-06-2019 02:43 AM

Hi,

I have the following firewall vlan-group defined on my 6500

firewall vlan-group 3 2803,2805,2807

I need to add another vlan, say 2809 to this group.

Will this command:

firewall vlan-group 3 2809

overwrite or append the exisitng vlan-group. What would be the safest method to add this new vlan to the group.

Any suggestions would be appreciated.

Thanks

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-28-2008 06:41 AM

Hello Sean,

I've given a look at one of my C6500.

the command allows multiline :

RT-xxx#sh run | inc vlan-group

firewall module 4 vlan-group 41

firewall vlan-group 41 3-9,11-14,97-99,200,201,400,405,410,415,420,425

firewall vlan-group 41 430-432,435,440,445,450,455,460,465,470,475,480,485

firewall vlan-group 41 490,531,532,600-602,605,606,610-612,615,630,644-648

firewall vlan-group 41 651,656,661,666,696-698,700-703,730,745-748,800,801

firewall vlan-group 41 901,902

RT-xxx

this is IOS

disk0:s72033-adventerprisek9_wan-mz.122-18.SXF14.bin

So I think you can add a line with the two new vlans without issues

Hope to help

Giuseppe

0 Helpful

sean.gray
Level 1
Level 1
In response to Giuseppe Larosa

‎11-28-2008 07:08 AM

Giuseppe,

Thanks for the reply.

Just so that I understand if my current config is :

sh firewall vlan-group 3

Group Created by vlans

----- ---------- -----

3 FWSM 2803,2805,2807

running the:

firewall vlan-group 3 2809

command will merely add this vlan to the exisiting group so that my output from the sh firewall vlan-group command will be as follows:

sh firewall vlan-group 3

Group Created by vlans

----- ---------- -----

3 FWSM 2803,2805,2807,2809

What I am trying to avoid is running firewall vlan-group 3 2809 and the three existing vlans are removed from the group and replaced by 2809.

Thanks again,

Sean

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sean.gray

‎11-28-2008 10:09 AM

Sean

If you run "firewall vlan-group 3 2809" then it will just append it to the existing line. It will not overwrite your existing configuration. Promise :-)

Jon

0 Helpful

Shiva Prasad
Level 1
Level 1
In response to Jon Marshall

‎02-21-2012 03:12 PM

Hi Jon,

Thanks, that was helpful, i would be greatful if you can help clear my doubt.

Is there a specific order to add a new vlan to the fwsm ? i added a new vlan to the firewall group but it does not show up in the system context. should i input the vlan config in the fwsm system context (interface vlan ) firts  and then add the vlan in the switch config ? the diocumentation that i could find is confusing.

Regards,

Shiva

0 Helpful

Farooq Razzaque
Level 1
Level 1
In response to Jon Marshall

‎08-23-2014 08:42 AM

Dear Team

We have a core switch in VSS with FWSM running with multiple contexts.

I need to create 5 new DMZ (interfaces) in FWSM server context 

Currently my config shows like below, which includes three "firewall vlan-group" statements, each with a comma-separated list of vlan numbers:

firewall switch 1 module 4 vlan-group 1,2,3
firewall switch 2 module 4 vlan-group 1,2,3

firewall vlan-group 1  2,3,4
firewall vlan-group 2  5,6,7  (vlans for server context)
firewall vlan-group 3  8,9,10

 

My question is:  when I add the 5 new vlans, do I have to simply issue an additional "firewall vlan-group" statement with the five new vlan numbers, like this?

firewall vlan-group 2 30,40,50,60,70  (I need to add vlans in vlan-group 2)

In other words, will above command overwrite my existing list of vlans in vlan group 2 if I only add the five new vlans in vlan group 2 ?  I obviously don't want to lose connectivity by erasing all my existing vlans.


Or do I have to issue a new statement that includes ALL of the existing vlans and five new vlans, like this?

firewall vlan-group 2 [all previously existing vlans],30,40,50,60,70 (five new vlans)

I want to know if i typed the above command with existing vlan and the new vlans does it cause any issues to the running environment b/c i think with the above command existing vlans will also be pushed along with new vlans to FWSM again or this is not the case.

0 Helpful
Top