Configuring Transparent Firewall Interfaces For Through Traffic; Assigning An Ip Address To A Bridge Group - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring Interfaces for Transparent Firewall Mode
Configuring Transparent Firewall Interfaces for Through Traffic
To assign an interface to a bridge group, set the name, and set the security level, perform the following
steps:
To identify the interface, enter the following command:
Step 1
hostname(config)# interface {vlan number | mapped_name}
In multiple context mode, enter the mapped name if one was assigned using the allocate-interface
command.
To assign it to a bridge group, enter the following command:
Step 2
hostname(config-if)# bridge-group number
Where number is an integer between 1 and 100. You can only assign two interfaces to a bridge group.
You cannot assign the same interface to more than one bridge group.
To name the interface, enter the following command:
Step 3
hostname(config-if)# nameif name
The name is a text string up to 48 characters, and is not case-sensitive. You can change the name by
reentering this command with a new value. Do not enter the no form, because that command causes all
commands that refer to that name to be deleted. If you name an interface "inside" and you do not set the
security level explicitly, then the FWSM sets the security level to 100.
Step 4
To set the security level, enter the following command:
hostname(config-if)# security-level number
Where number is an integer between 0 (lowest) and 100 (highest). By default, after you name the
interface, the FWSM sets the security level to 0.
Assigning an IP Address to a Bridge Group
A transparent firewall does not participate in IP routing. The only IP configuration required for the
FWSM is to set the management IP address for each bridge group. This address is required because the
FWSM uses this address as the source address for traffic originating on the FWSM, such as system log
messages or communications with AAA servers. You can also use this address for remote management
access (for another method to manage the FWSM, see the
page
To set the management IP address, perform the following steps:
Identify the bridge group by entering the following command:
Step 1
hostname(config)# interface bvi bridge_group_number
Specify the IP address by entering the following command:
Step 2
hostname(config-if)# ip address ip_address [mask] [standby ip_address]
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
6-6
6-7).
Chapter 6
Configuring Interface Parameters
"Adding a Management Interface" section on
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
