Turning Off And Turning On Interfaces; Configuring Connection Limits For Non-Nat Configurations - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Configuring Connection Limits for Non-NAT Configurations
When you enable communication between two hosts on the same interface, keep in mind the following
requirements:
•
•
To enable communication between hosts on the same security level, enter the following command:
FWSM/contexta(config)# same-security-traffic permit intra-interface
To disable these settings, add no before the command.
Turning Off and Turning On Interfaces
All interfaces are enabled by default. If you disable or reenable the interface within a context, only that
context interface is affected. But if you disable or reenable the interface in the system execution space,
then you affect that VLAN interface for all contexts.
To disable an interface or reenable it, follow these steps:
To enter the interface configuration mode, enter the following command:
Step 1
FWSM/contexta(config)# interface interface_name
Step 2
To disable the interface, enter the following command:
FWSM/contexta(config-interface)# shutdown
To reenable the interface, enter the following command:
Step 3
FWSM/contexta(config-interface)# no shutdown
Configuring Connection Limits for Non-NAT Configurations
Transparent firewall mode
Same security level mode
The NAT configuration enables you to set connection limits for traffic. For transparent firewall mode or
for same security interfaces on which you do not want to configure NAT (see the
Communication Between Interfaces on the Same Security Level" section on page
configure identity NAT to set these limits. Identity NAT lets you specify the addresses for which you
want to set limits, but no translation is performed. (For same security interfaces, you can configure any
method for bypassing NAT, including NAT exemption. See the
for more information. For transparent mode, the FWSM supports only the following method.)
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
6-10
Outside NAT is not supported.
You can configure static routes from one interface to another on the same security level.
Chapter 6
Configuring Basic Settings
"Allowing
6-8), you can
"Bypassing NAT" section on page 9-29
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
