secure vlan

gaoyang
Level 1

Why can't VLAN 1 be a secure VLAN on a 6500 + FWSM?

Router#conf

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#firewall vlan-group 1 1-2

Vlan 1 can not be a secure vlan


mchin345
Level 6

You can think of the FWSM module like another router (or firewall) controlling its own interfaces at layer 3. This layer-3 router, i.e. the FWSM, now connects at the IP level to the MSFC (via the secure VLAN interfaces, SVIs). This means that the MSFC does not control any VLAN which is dedicated to the FWSM. These VLANs are controlled by the FWSM exclusively, i.e. all traffic sent to any of the firewall-controlled VLANs must go across the FWSM. If the MSFC and the FWSM had a VLAN in common (VLAN 1 is the default VLAN), traffic might enter this VLAN without being checked by the firewall, thereby creating a security hole.
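As an added example that is not part of this thread or of any Cisco tooling: a small Python check that expands the VLAN lists in `firewall vlan-group` lines of IOS-style config text and flags any group that includes VLAN 1, the case the switch rejects above. The config text is constructed for the example; the `firewall module ... vlan-group` line is included only to show the parser ignores unrelated lines.

```python
import re

# Constructed sample of 6500 supervisor (MSFC) config text, not from the thread
SAMPLE_CONFIG = """\
hostname Router
firewall vlan-group 1 1-2
firewall vlan-group 2 10,20-25,30
firewall module 3 vlan-group 1,2
"""

# Matches 'firewall vlan-group <id> <vlan-list>' and nothing else
VLAN_GROUP_RE = re.compile(r"^\s*firewall vlan-group\s+(\d+)\s+(\S+)\s*$", re.MULTILINE)


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20-25,30' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"bad VLAN range {part!r}")
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_vlan_groups(config_text):
    """Return {group_id: set_of_vlans} for every 'firewall vlan-group' line."""
    groups = {}
    for m in VLAN_GROUP_RE.finditer(config_text):
        groups.setdefault(int(m.group(1)), set()).update(expand_vlan_list(m.group(2)))
    return groups


def find_vlan1_groups(config_text):
    """Group ids whose list includes VLAN 1; the switch rejects these with
    'Vlan 1 can not be a secure vlan' because VLAN 1 is shared with the MSFC."""
    return sorted(g for g, v in parse_vlan_groups(config_text).items() if 1 in v)


if __name__ == "__main__":
    for g in find_vlan1_groups(SAMPLE_CONFIG):
        print(f"firewall vlan-group {g} includes VLAN 1; use a dedicated VLAN instead")
```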