Re: FWSM Int problem

RouterTech1 · ‎12-13-2007

I can't get the Vlan interfaces on the FWSM to come up because I don't have a phy int to bind them to... Anyone know how to do this?

Here's the relevent config for the fwsm:

interface Vlan100

nameif inside

security-level 100

ip address 10.254.254.203 255.255.255.248

and the 6506:

firewall vlan-group 4 100,200

vtp mode transparent

vlan 100

name Firewall_Inside

interface GigabitEthernet2/46

no ip address

switchport

switchport access vlan 100

switchport mode access

spanning-tree bpduguard enable

interface Vlan100

ip address 10.254.254.201 255.255.255.248

RouterTech1 · ‎12-13-2007

sooo... no one's encountered this before?

jaydhindsa · ‎12-14-2007

Hi,

You are missing:

firewall module x vlan-group y.

Where x is slot where ur module sits, and y is your vlan group that you defined. This will start trunking your Vlans to FWSM.

You also need

"firewall multiple-vlan-interfaces" if you are trunking more than 1 vlans.

Hope this helps.

Thanks

Jay

RouterTech1 · ‎12-17-2007

That was it.. thanks! I managed to get the answer a few hours before you posted this. But thanks!

berkous1 · ‎12-15-2007

Hi,

one thing seems to miss on your 6506 configuration :

Below please find an example :

This example shows how you can create three firewall VLAN groups: one for each FWSM, and one that includes VLANs assigned to both FWSMs.

Router(config)# firewall vlan-group 50 55-57

Router(config)# firewall vlan-group 51 70-85

Router(config)# firewall vlan-group 52 100

Router(config)# firewall module 5 vlan-group 50,52

Router(config)# firewall module 8 vlan-group 51,52

You don't need any physical interface to do that.

check on the FWSM is the Vlan is up. Don't hesitate to type "no shutdown" in the desired vlan config.

Hope it will help.

See ya?