Vlan Interfaces - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 series switch and cisco 7600 series router firewall services

Chapter 1
Introduction to the Firewall Services Module

How the Firewall Services Module Works

This section describes the network firewall functionality provided by the FWSM. It includes the following topics:

Security Policy Overview, page 1-8
VLAN Interfaces, page 1-8
How the Firewall Services Module Works with the Switch, page 1-9
Routed Firewall and Transparent Firewall Modes, page 1-11
Security Contexts, page 1-12

Security Policy Overview

A security policy determines which traffic is allowed to pass through the firewall to access another network. By default, no traffic can pass through the firewall. By applying ACLs to interfaces, you can determine which IP addresses and traffic types can pass through the interfaces to access other networks.

Note: By default, the Cisco PIX firewall allows traffic to flow freely from an inside network (higher security level) to an outside network (lower security level). However, the FWSM does not allow any traffic to pass between interfaces unless you explicitly permit it with an ACL. This rule is true for both routed firewall mode and transparent firewall mode. While you still specify the security level for an interface on the FWSM, the security level does not provide explicit permission for traffic to travel from a high security interface to a low security interface. See the "Configuring Interfaces" section on page 6-6 for more information about how security levels work.

For routed firewall mode, in addition to ACLs, you can use Network Address Translation (NAT) between networks to further protect the real IP addresses of hosts.

If you have an AAA server, you can also apply AAA rules to users to control their access.

All of these features plus others, such as filters or inspection engines, make up the security policy of the firewall.

VLAN Interfaces

The FWSM does not include any external physical interfaces. Instead, it uses internal VLAN interfaces. For example, you assign VLAN 201 to the FWSM inside interface, and VLAN 200 to the outside interface. You assign these VLANs to physical switch ports, and hosts connect to those ports. When communication occurs between VLANs 201 and 200, the FWSM is the only available path between the VLANs, forcing traffic to be statefully inspected.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, page 1-8
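The following is an added example and is not code from the Cisco guide or from the FWSM itself. It is a small Python model of the policy decision the two sections above describe: interfaces are VLANs (201 inside, 200 outside), an ACL applied inbound on an interface decides what may pass, and the "model" flag contrasts the FWSM default (nothing passes without an explicit permit, whatever the security levels say) with the PIX default (higher-security to lower-security traffic flows freely). The interface names, ACL name, addresses and flows are constructed for the example; the ACL semantics modelled (first match wins, implicit deny at the end) are the standard ones for these access lists.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Interface:
    """An FWSM interface is a VLAN, not a physical port."""
    name: str
    vlan: int
    security_level: int


@dataclass(frozen=True)
class Flow:
    """One connection attempt, identified by the VLANs it enters and leaves on."""
    src_vlan: int
    dst_vlan: int
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    """One access-list entry; src/dst are CIDR strings, 'any' matches everything."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str
    dst: str
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, flow: Flow) -> bool:
        def in_net(addr: str, cidr: str) -> bool:
            return cidr == "any" or ip_address(addr) in ip_network(cidr)
        return (self.proto in ("ip", flow.proto)
                and in_net(flow.src, self.src)
                and in_net(flow.dst, self.dst)
                and (self.dport is None or self.dport == flow.dport))


@dataclass
class Firewall:
    model: str                      # "fwsm" or "pix" (constructed flag for the example)
    interfaces: list[Interface]
    acls: dict[str, list[Ace]]      # access-list name -> entries, in order
    access_groups: dict[str, str]   # interface name -> ACL applied inbound on it

    def interface_for_vlan(self, vlan: int) -> Interface:
        for itf in self.interfaces:
            if itf.vlan == vlan:
                return itf
        raise KeyError(f"VLAN {vlan} is not assigned to this firewall")

    def decide(self, flow: Flow) -> str:
        ingress = self.interface_for_vlan(flow.src_vlan)
        egress = self.interface_for_vlan(flow.dst_vlan)
        acl_name = self.access_groups.get(ingress.name)
        if acl_name is not None:
            # An applied ACL is authoritative: first matching entry wins,
            # and anything not matched hits the implicit deny at the end.
            for ace in self.acls[acl_name]:
                if ace.matches(flow):
                    return ace.action
            return "deny"
        # No ACL on the ingress interface: the default behaviour applies.
        if self.model == "pix" and ingress.security_level > egress.security_level:
            return "permit"   # PIX: higher-security to lower-security flows freely
        return "deny"         # FWSM: security level alone never permits anything


# Constructed topology: VLAN 201 is the inside interface, VLAN 200 the outside.
INTERFACES = [Interface("inside", 201, 100), Interface("outside", 200, 0)]
HTTP_OUT = Flow(201, 200, "tcp", "10.1.1.10", "203.0.113.5", 80)
SSH_OUT = Flow(201, 200, "tcp", "10.1.1.10", "203.0.113.5", 22)
HTTP_IN = Flow(200, 201, "tcp", "203.0.113.5", "10.1.1.10", 80)


def no_acl_results() -> dict:
    """Decisions with no ACL applied anywhere: only the model default decides."""
    fwsm = Firewall("fwsm", INTERFACES, {}, {})
    pix = Firewall("pix", INTERFACES, {}, {})
    return {"fwsm_out": fwsm.decide(HTTP_OUT), "pix_out": pix.decide(HTTP_OUT),
            "fwsm_in": fwsm.decide(HTTP_IN), "pix_in": pix.decide(HTTP_IN)}


def with_acl_results() -> dict:
    """FWSM with one ACL applied inbound on inside: only web traffic from 10.1.1.0/24 passes."""
    acls = {"INSIDE_IN": [Ace("permit", "tcp", "10.1.1.0/24", "any", 80)]}
    fwsm = Firewall("fwsm", INTERFACES, acls, {"inside": "INSIDE_IN"})
    return {"http": fwsm.decide(HTTP_OUT), "ssh": fwsm.decide(SSH_OUT),
            "inbound": fwsm.decide(HTTP_IN)}


if __name__ == "__main__":
    print("no ACL:  ", no_acl_results())
    print("with ACL:", with_acl_results())
```

Running the block shows the point of the Note: with no ACL configured, the same inside-to-outside web request is permitted on the PIX model and denied on the FWSM model, and on the FWSM it only passes once an ACL on the inside interface explicitly permits it, while the SSH flow and the inbound request still fall to the implicit deny.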
