Chapter 2
Configuring the Switch for the Firewall Services Module
•
SVI Overview
For security reasons, by default, only one SVI can exist between the MSFC and the FWSM. For example,
if you misconfigure the system with multiple SVIs, you could accidentally allow traffic to pass around
the FWSM by assigning both the inside and outside VLANs to the MSFC. (See
Figure 2-1
VLAN 201
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Configuring SVIs, page 2-7
Multiple SVI Misconfiguration
Internet
VLAN 100
MSFC
VLAN 200
FWSM
VLAN 201
Inside
Adding Switched Virtual Interfaces to the MSFC
Figure
2-1.)
2-5