Cisco Catalyst 6500 Series Configuration Manual page 94
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Configuring a Security Context
(Optional) To add a description for this context, enter the following command:
Step 2
FWSM(config-context)# description text
To specify the VLAN interfaces you can use in the context, enter the following command:
Step 3
FWSM(config-context)# allocate-interface vlan number [-vlan number ] [ map_name [- map_name ]]
You can enter this command multiple times to specify different ranges. For transparent firewall mode,
you can only use two interfaces per context.
Enter a VLAN number or a range of VLANs, typically from 1 to 1000 and from 1025 to 4094 (see the
switch documentation for supported VLANs). You can assign the same VLANs to multiple contexts, if
desired. See the
information about shared VLAN limitations.
The map_name is an alphanumeric alias for the VLAN interface that can be used within the context
instead of the VLAN number. If you do not specify a mapped name, the VLAN number is used within
the context. For security purposes, you might not want the context administrator to know which VLANs
are being used by the context. Instead of using the VLAN number in the nameif command, for example,
you can use the mapped name.
A mapped name must start with a letter, end with a letter or digit, and have as interior characters only
letters, digits, or an underscore. For example, you can use the following names:
int0
inta
int_0
If you specify a range of VLAN IDs, you can specify a matching range of mapped names. Follow these
guidelines for ranges:
•
The mapped name must consist of an alphabetic portion followed by a numeric portion. The
alphabetic portion of the mapped name must match for both ends of the range. For example, enter
the following range:
int0-int10
The numeric portion of the mapped name must include the same quantity of numbers as the
•
vlanx-vlany statement. For example, both ranges include 100 interfaces:
vlan100-vlan199 int1-int100
If you enter vlan100-vlan199 int1-int15 or vlan100-vlan199 happy1-sad5, for example, the
command fails.
The following example shows VLANs 100, 200, and 300 through 305 assigned to the context. The
mapped names are int1 through int8.
FWSM(config-context)# allocate-interface vlan100 int1
FWSM(config-context)# allocate-interface vlan200 int2
FWSM(config-context)# allocate-interface vlan300-vlan305 int3-int8
Step 4
To identify the URL from which the system downloads the context configuration, enter the following
command:
FWSM(config-context)# config-url url
When you add a context URL, the system immediately loads the context so that it is running.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
5-20
"Sharing Resources and Interfaces Between Contexts" section on page 5-5
Chapter 5
Managing Security Contexts
for more
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Cisco Catalyst 6500 Series
Related Products for Cisco Catalyst 6500 Series
- Cisco 6503 - Catalyst Firewall Security Sys
- Cisco 6503-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6504-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6506 - Catalyst Chassis Switch
- Cisco 6513 - Catalyst Switch
- Cisco Catalyst 6509
- Cisco Catalyst 6513-E
- Cisco Catalyst 6500-E Series