Cisco Catalyst 6500 Series Configuration Manual page 42

Assigning VLANs to the Firewall Services Module
To assign VLANs to the FWSM, follow these steps:
To assign VLANs to a firewall group, enter the following command:
Step 1
Router(config)# firewall vlan-group firewall_group vlan_range
The vlan_range can be one or more VLANs (1 to 1000 and from 1025 to 4094) identified in one of the
following ways:
• A single number (n)
A range (n-x)
•
Separate numbers or ranges by commas. For example, enter the following numbers:
5,7-10,13,45-100
Routed ports and WAN ports consume internal VLANs, so it is possible that VLANs in the 1020-1100
Note
range might already be in use.
To assign the firewall groups to the FWSM, enter the following command:
Step 2
Router(config)# firewall module module_number vlan-group firewall_group
The firewall_group is one or more group numbers:
• A single number (n)
• A range (n-x)
Separate numbers or ranges by commas. For example, enter the following numbers:
5,7-10
This example shows how you can create three firewall VLAN groups: one for each FWSM, and one that
includes VLANs assigned to both FWSMs. See the
information about adding VLANs to the switch.
Router(config)# vlan 55-57,70-85,100
Router(config-vlan)# exit
Router(config)# firewall vlan-group 50 55-57
Router(config)# firewall vlan-group 51 70-85
Router(config)# firewall vlan-group 52 100
Router(config)# firewall module 5 vlan-group 50,52
Router(config)# firewall module 8 vlan-group 51,52
To view the group configuration, enter the following command:
Router# show firewall vlan-group
Group vlans
----- ------
50 55-57
51 70-85
52 100
To view VLAN group numbers for all modules, enter the following command:
Router# show firewall module
Module Vlan-groups
5
8
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
2-4
50,52
51,52
Chapter 2 Configuring the Switch for the Firewall Services Module
"Prerequisites" section on page 2-3 for more
OL-6392-01