Vlan Guidelines; Assigning Vlans To The Fwsm - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 2
Configuring the Switch for the Firewall Services Module
This section includes the following topics:

• VLAN Guidelines
• Assigning VLANs to the FWSM

VLAN Guidelines

See the following guidelines for using VLANs with the FWSM:

• You can use private VLANs with the FWSM. Assign the primary VLAN to the FWSM; the FWSM
  automatically handles secondary VLAN traffic.
• You cannot use reserved VLANs.
• You cannot use VLAN 1.
• If you are using FWSM failover within the same switch chassis, do not assign the VLAN(s) you are
  reserving for failover and stateful communications to a switch port. However, if you are using
  failover between chassis, you must include the VLANs in the trunk port between the chassis.
• If you do not add the VLANs to the switch before you assign them to the FWSM, the VLANs are
  stored in the supervisor engine database and are sent to the FWSM as soon as they are added to the
  switch.

Assigning VLANs to the FWSM

In Cisco IOS software, create up to 16 firewall VLAN groups, and then assign the groups to the FWSM.
For example, you can assign all the VLANs to one group, or you can create an inside group and an
outside group, or you can create a group for each customer. Each group can contain unlimited VLANs.
You cannot assign the same VLAN to multiple firewall groups; however, you can assign multiple firewall
groups to an FWSM and you can assign a single firewall group to multiple FWSMs. VLANs that you
want to assign to multiple FWSMs, for example, can reside in a separate group from VLANs that are
unique to each FWSM.
To assign VLANs to the FWSM, perform the following steps:

Step 1
To assign VLANs to a firewall group, enter the following command:
Router(config)# firewall vlan-group firewall_group vlan_range
The firewall_group argument is an integer.
The vlan_range can be one or more VLANs (2 to 1000 and from 1025 to 4094) identified in one of the
following ways:
• A single number (n)
• A range (n-x)
Separate numbers or ranges by commas. For example, enter the following numbers:
5,7-10,13,45-100

Note
Routed ports and WAN ports consume internal VLANs, so it is possible that VLANs in the 1020-1100
range might already be in use.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
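
A pre-deployment check of planned firewall vlan-group assignments against the rules stated on this page, as an added example that is not Cisco's code or tooling. The function names, the sample plan, and the choice to reject descending ranges such as 10-7 are assumptions made for the example.

```python
import re

# Rules taken from the page: assignable VLANs are 2-1000 and 1025-4094, at most
# 16 firewall VLAN groups, one group per VLAN; 1020-1100 may already be in use
# as internal VLANs (reported as a warning only).
ALLOWED = ((2, 1000), (1025, 4094))
INTERNAL_HINT = (1020, 1100)
MAX_GROUPS = 16
TOKEN = re.compile(r"^(\d+)(?:-(\d+))?$")

def parse_vlan_range(text):
    """Expand a vlan_range string such as '5,7-10,13' into a set of VLAN IDs."""
    vlans = set()
    for token in text.split(","):
        m = TOKEN.match(token.strip())
        if not m:
            raise ValueError(f"bad token {token!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if lo > hi:  # assumption: descending ranges are treated as mistakes
            raise ValueError(f"descending range {token!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def check_plan(plan):
    """plan maps firewall_group (int) -> vlan_range (str); returns (errors, warnings)."""
    errors, warnings, owner = [], [], {}
    if len(plan) > MAX_GROUPS:
        errors.append(f"{len(plan)} groups defined, limit is {MAX_GROUPS}")
    for group, text in sorted(plan.items()):
        try:
            vlans = parse_vlan_range(text)
        except ValueError as exc:
            errors.append(f"group {group}: {exc}")
            continue
        for v in sorted(vlans):
            if not any(lo <= v <= hi for lo, hi in ALLOWED):
                errors.append(f"group {group}: VLAN {v} is not assignable")
            elif v in owner:
                errors.append(f"group {group}: VLAN {v} already in group {owner[v]}")
            else:
                owner[v] = group
                if INTERNAL_HINT[0] <= v <= INTERNAL_HINT[1]:
                    warnings.append(f"group {group}: VLAN {v} may be an internal VLAN")
    return errors, warnings

# Constructed sample plan (group numbers and VLANs are illustrative only).
SAMPLE_PLAN = {50: "5,7-10,13,45-100", 51: "1,100,1030"}
```

Calling check_plan(SAMPLE_PLAN) flags VLAN 1 and the VLAN 100 overlap in group 51 as errors and reports VLAN 1030 as a possible internal VLAN.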