05-16-2008 07:43 AM - edited 03-05-2019 11:02 PM
Hi,
Is it possible to apply a PVLAN configuration on a 6500 and have the interface on the FWSM configured as a promiscuous interface?
I found an old thread that said it couldn't be done, but that it might in the future.
The EtherChannel interface between the switch and the FWSM uses PAgP, and the PVLAN document states that PVLANs are not compatible with PAgP or LACP. (The document referred to is the 6500 IOS config guide for release 12.2SXF.)
Can anyone confirm if the latest hardware/software versions can now support this configuration?
Thanks,
Rob
05-16-2008 09:39 AM
Per CCO docs:
"PVLAN support on Firewall Services Module (FWSM) begins in software version 3.1. If you run a software version earlier than 3.1, the only possible workaround is to connect the promiscuous port of the PVLAN using the crossover cable to a regular access port. Then, make a firewall for the VLAN of that access port."
Please see the following link for the PVLAN Cat Switch Support Matrix:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
Also in the FWSM FAQ:
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml#q32b
05-20-2008 01:53 PM
Thank you. That got it working. I'm surprised that there is no configuration required on the sup card or FWSM to get this working. Meaning I didn't have to assign it as a promiscuous port.
Are there any parameters to configure at the FWSM? What if I didn't want the FWSM interface to be promiscuous, or at least wanted to control which community VLANs it could access? Is there a way to control this?
Thanks again.