Adding A Management Interface - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 6
Configuring Interface Parameters
Do not assign a host address (/32 or 255.255.255.255) to the transparent firewall. Also, do not use other
subnets that contain fewer than 3 host addresses (one each for the upstream router, downstream router,
and transparent firewall) such as a /30 subnet (255.255.255.252). The FWSM drops all ARP packets to
or from the first and last addresses in a subnet. Therefore, if you use a /30 subnet and assign a reserved
address from that subnet to the upstream router, then the FWSM drops the ARP request from the
downstream router to the upstream router.
The FWSM does not support traffic on secondary networks; only traffic on the same network as the
management IP address is supported.
The standby keyword and address are used for failover. See Chapter 14, "Configuring Failover," for more
information.
The following example assigns VLANs 300 and 301 to bridge group 1, then sets the management address
and standby address of bridge group 1:
hostname(config)# interface vlan 300
hostname(config-if)# nameif inside
hostname(config-if)# security-level 100
hostname(config-if)# bridge-group 1
hostname(config-if)# interface vlan 301
hostname(config-if)# nameif outside
hostname(config-if)# security-level 0
hostname(config-if)# bridge-group 1
hostname(config-if)# interface bvi 1
hostname(config-if)# ip address 10.1.3.1 255.255.255.0 standby 10.1.3.2
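The addressing rules above (no /32, at least 3 host addresses, nothing on the first or last address of the subnet, no secondary networks) can be checked before the `ip address` command is entered. The following Python sketch is an added example, not part of the Cisco guide; the function name and the neighbor labels are hypothetical, and treating the standby address as one more address on the segment is an assumption.

```python
import ipaddress


def check_bridge_group_addressing(mgmt_ip, netmask, neighbors=None):
    """Return a list of problems with a transparent-mode address plan.

    mgmt_ip, netmask: the values given to `ip address` on the BVI.
    neighbors: {label: address} for routers (and, by assumption, the
               standby unit) that share the segment.
    """
    iface = ipaddress.IPv4Interface(f"{mgmt_ip}/{netmask}")
    net = iface.network
    if net.prefixlen == 32:
        return ["management address is a host address (/32)"]

    problems = []
    # Host addresses exclude the first and last address of the subnet.
    usable = max(net.num_addresses - 2, 0)
    if usable < 3:
        problems.append(f"{net} has {usable} host addresses; 3 are needed")

    reserved = {net.network_address, net.broadcast_address}
    addresses = {"management": iface.ip}
    for label, value in (neighbors or {}).items():
        addresses[label] = ipaddress.IPv4Address(value)

    for label, addr in addresses.items():
        if addr not in net:
            # Only the management IP's own network is supported.
            problems.append(f"{label} {addr} is not on {net}")
        elif addr in reserved:
            # ARP to or from these addresses is dropped.
            problems.append(f"{label} {addr} is the first or last address of {net}")
    return problems


if __name__ == "__main__":
    # Values from the bridge group 1 example on this page.
    print(check_bridge_group_addressing(
        "10.1.3.1", "255.255.255.0", {"standby": "10.1.3.2"}))
    # Constructed /30 plan with the upstream router on the last address.
    print(check_bridge_group_addressing(
        "10.1.3.1", "255.255.255.252",
        {"downstream router": "10.1.3.2", "upstream router": "10.1.3.3"}))
```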

Adding a Management Interface

In addition to each bridge group management IP address, you can add a separate management interface
that is not part of any bridge group, and that allows only management traffic to the FWSM. For more
information, see the "Information About Device Management" section on page 6-4.
To configure a management interface, perform the following steps:
Step 1  To specify the interface you want to configure, enter the following command:
hostname(config)# interface {vlan number | mapped_name}
In multiple context mode, enter the mapped name if one was assigned using the allocate-interface
command.
For example, enter the following command:
hostname(config)# interface vlan 101
Step 2  To name the interface, enter the following command:
hostname(config-if)# nameif name
The name is a text string up to 48 characters, and is not case-sensitive. You can change the name by
reentering this command with a new value. Do not enter the no form, because that command causes all
commands that refer to that name to be deleted.
Step 3  To set the security level, enter the following command:
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Configuring Interfaces for Transparent Firewall Mode


This manual is also suitable for:

7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series
