Cisco Catalyst 6500 Series Configuration Manual page 115

Chapter 6 Configuring Basic Settings
To enable interfaces on the same security level so that they can communicate with each other, enter the
following command:
FWSM/contexta(config)# same-security-traffic permit inter-interface
You can configure the FWSM to enable communication between two hosts on the same interface. Before
you can enable this feature, you must first correctly configure the MSFC so that packets are sent to the
FWSM MAC address instead of being sent directly through the switch to the destination host.
shows a network where hosts on the same interface need to communicate. The following samples show
the route-map command used to enable policy routing in the network shown in
fwsm(config)# route-map intra-inter3 permit 0
fwsm#(config-route-map)# match ip address 103
fwsm#(config-route-map)# set interface Vlan20
fwsm#(config-route-map)# set set ip next-hop 10.6.34.7
!
fwsm(config)# route-map intra-inter2 permit 20
fwsm#(config-route-map)# match ip address 102
fwsm#(config-route-map)# set interface Vlan20
fwsm#(config-route-map)# set set ip next-hop 10.6.34.7
!
fwsm(config)# route-map intra-inter1 permit 10
fwsm#(config-route-map)# match ip address 101
fwsm#(config-route-map)# set interface Vlan20
fwsm#(config-route-map)# set set ip next-hop 10.6.34.7
Figure 6-1
Host
OL-6392-01
Communication Between Hosts on the Same Interface
Vlan70
IP cloud-1
10.6.36.0
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Host
IP cloud-2
Vlan60
10.6.37.0
MSFC
Vlan10
10.6.35.0
SVI, Vlan20
10.6.34.0
FWSM
Configuring Interfaces
Figure 6-1:
IP cloud-3
Host
Figure 6-1
6-9