09-03-2008 05:19 AM - edited 03-06-2019 01:09 AM
Hi all
Today I created a new transparent context on my FWSM (3.2(6)), which is in slot 9 of a 6509 running IOS.
Here is my configuration:
firewall multiple-vlan-interfaces
firewall module 9 vlan-group 1,
firewall vlan-group 1 30,[others-removed]1030
!
vlan 1030
name mse_outside
!
!
interface Vlan1030
description ** mse_outside **
ip address 10.10.30.6 255.255.255.0
ip helper-address 10.10.20.10
ip helper-address 10.10.21.10
ip helper-address 10.10.21.14
no ip redirects
ip pim sparse-dense-mode
standby ip 10.10.30.1
standby timers 1 3
standby preempt
standby authentication xxxxxxxx
!
S6509R-1250#sh vlan
.
.
.
30 mse active
1030 mse_outside active
.
.
.
And on the FWSM Context System:
FWSM# show run
!
interface Vlan30
description mse
!
!
interface Vlan1030
description mse_outside
!
context mse
description ** mse **
allocate-interface Vlan1030
allocate-interface Vlan30
config-url disk:/mse.cfg
!
And the Context:
FWSM/mse# sh run
: Saved
:
FWSM Version 3.2(6) <context>
!
firewall transparent
hostname mse
domain-name xxxxxx
enable password xxxxxx encrypted
names
!
interface Vlan30
nameif inside
bridge-group 1
security-level 100
!
interface Vlan1030
nameif outside
bridge-group 1
security-level 0
!
interface BVI1
ip address 10.10.30.4 255.255.255.0 standby 10.10.30.5
!
passwd xxxxxxxxx encrypted
access-list CSM_TFW_ACL_INBOUND_1 ethertype permit bpdu
access-list CSM_FW_ACL_inside extended permit ip any any
access-list OUTSIDE extended permit ip any any
pager lines 24
logging enable
logging buffered informational
logging trap informational
logging device-id hostname
logging host outside 10.10.20.56
mtu inside 1500
mtu outside 1500
monitor-interface inside
monitor-interface outside
icmp permit any outside
no asdm history enable
arp timeout 14400
access-group CSM_TFW_ACL_INBOUND_1 in interface inside
access-group CSM_FW_ACL_inside in interface inside
access-group CSM_TFW_ACL_INBOUND_1 in interface outside
access-group OUTSIDE in interface outside
route outside 0.0.0.0 0.0.0.0 10.10.30.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa proxy-limit disable
http 10.10.20.12 255.255.255.255 outside
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
!
class-map CSM_CLASS_MAP_1
match default-inspection-traffic
!
!
policy-map CSM_POLICY_MAP_global_1
class CSM_CLASS_MAP_1
inspect dns maximum-length 4096
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy CSM_POLICY_MAP_global_1 global
arp-inspection inside enable flood
arp-inspection outside enable flood
Cryptochecksum:xxxxxxx
: end
FWSM/mse#
And now to the problem:
FWSM# sh vlan
28-29 , 60 , 1030
[Note: VLAN 30 is missing here]
FWSM# sh int vlan30
Interface Vlan30 "", is down, line protocol is down
Hardware is EtherSVI
Description: mse
Allocated to a context
MAC address 0008.7ceb.1200, MTU not set
IP address unassigned
FWSM# sh int vlan1030
Interface Vlan1030 "", is up, line protocol is up
Hardware is EtherSVI
Description: mse_outside
Allocated to a context
MAC address 0008.7ceb.1200, MTU not set
IP address unassigned
FWSM#
Also note that interface Vlan30 is down/down here.
Any ideas why I don't see the vlan30 on the FWSM, or why this interface is down?
I'm really out of ideas :(
Thanks,
Patrick
09-03-2008 05:52 AM
Hi Patrick!
You have:
"FWSM Version 3.2(6)
!
firewall transparent "
If it is possible to test, put it into routed mode and see if everything is ok.
In the meantime I will have a look; maybe I can find something to help you, as your config looks ok.
A small hint (maybe only I had this problem): try to reapply the config on the FWSM. Sometimes for me it did not take the config on the first attempt (I configured an ACL and it was not there, for example). Maybe I have a bug or something.
Let me know if you solved the problem.
Good luck!
Cheers,
Calin
09-03-2008 05:59 AM
I actually deleted the whole context and recreated it, but no help.
I also changed to routed and back to transparent, no change.
Interface remains down.