Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
816
Views
0
Helpful
2
Replies

PVLAN on FWSM interface on 6500

rhholmes
Level 1
Level 1

‎05-16-2008 07:43 AM - edited ‎03-05-2019 11:02 PM

Hi,

Is it possible to apply a PVLAN configuration on a 6500 and have the interface on the FWSM configured as a promiscuous interface.

I found an old thread that said it couldn't be done, but that it might in the future.

The etherchannel interface between the switch and the FWSM uses PAgP and the PVLAN document states that PVLANs are no compatible with PAgP or LACP. (The document referred to is 6500 IOS config guide for release 12.2SXF.)

Can anyone confirm if the latest hardware/software versions can now support this configuration?

Thanks,

Rob

Labels:
0 Helpful
2 Replies 2

gpulos
Level 8
Level 8

‎05-16-2008 09:39 AM

Per cco docs:

"PVLAN support on Firewall Services Module (FWSM) begins in software version 3.1. If you run a software version earlier than 3.1, the only possible workaround is to connect the promiscuous port of the PVLAN using the crossover cable to a regular access port. Then, make a firewall for the VLAN of that access port."

Please see the following link for the PVLAN Cat Switch Support Matrix:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

Also in the FWSM FAQ:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml#q32b

0 Helpful

rhholmes
Level 1
Level 1
In response to gpulos

‎05-20-2008 01:53 PM

Thank you. That got it working. I'm surprised that there is no configuration required on the sup card or FWSM to get this working. Meaning I didn't have to assign it as a promiscuous port.

Are there any parameters to configure at the FWSM? What if I didn't want the FWSM interface to be promiscuous, or at least control which community VLANs it could access. Is there a way to control this?

Thanks again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card