Example 4: Secondary FWSM System Configuration; Example 4: Switch Configuration - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 series switch and Cisco 7600 series router firewall services

Routed Mode Examples
telnet 10.0.2.14 255.255.255.255 inside
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [ Allows all inside hosts to access the outside for any IP traffic ]
Example 4: Context C Configuration (Primary)
nameif vlan200 outside security0
nameif vlan203 inside security100
passwd secret0997
enable password strayd0g
ip address outside 209.165.201.3 255.255.255.224 standby 209.165.201.7
ip address inside 10.0.1.1 255.255.255.0 standby 10.0.1.2
monitor-interface inside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 209.165.201.12 netmask 255.255.255.224 [ This context uses dynamic PAT for inside users that access the outside ]
route outside 0 0 209.165.201.5 1
telnet 10.0.1.65 255.255.255.255 inside
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [ Allows all inside hosts to access the outside for any IP traffic ]

Example 4: Secondary FWSM System Configuration

You do not need to configure any contexts; only the following minimal configuration is required for
the system. You must first enable multiple context mode using the mode multiple command. Then enter the
activation key to allow more than two contexts using the activation-key command. The mode and the
activation key are not stored in the configuration file, even though they do endure reboots. If you view
the configuration on the FWSM using the write terminal, show startup, or show running commands,
the mode displays after the FWSM Version (blank means single mode, "<system>" means you are in
multiple mode in the system configuration, and "<context>" means you are in multiple mode in a context).
failover lan interface faillink vlan 10
failover interface ip faillink 192.168.253.1 255.255.255.252 standby 192.168.253.2
failover lan unit secondary
failover

Example 4: Switch Configuration

The following lines in the Cisco IOS switch configuration on both switches relate to the FWSM. For
information about configuring redundancy for the switch, see the switch documentation.
...
firewall module 1 vlan-group 1
firewall vlan-group 1 10,11,200-203
interface vlan 200
 ip address 209.165.201.1 255.255.255.224
 standby 200 ip 209.165.201.5
 standby 200 priority 110
 standby 200 preempt
 standby 200 timers 5 15
 standby 200 authentication Secret
 no shut
interface range gigabitethernet 2/1-3
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 no shut
...

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Appendix B
Sample Configurations
OL-6392-01
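
An added example, not part of the Cisco guide: a small Python audit run over lines taken from the Example 4 configurations above. It reports settings a reviewer would check before reusing them (passwords in the file without the encrypted keyword, Telnet management, the permit-any ACL, plain-text HSRP authentication) and verifies that each standby address lies in the subnet of its active address. The rule names and the audit function are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the Example 4 configurations on this page.
SAMPLE = """\
passwd secret0997
enable password strayd0g
ip address outside 209.165.201.3 255.255.255.224 standby 209.165.201.7
ip address inside 10.0.1.1 255.255.255.0 standby 10.0.1.2
telnet 10.0.1.65 255.255.255.255 inside
access-list INTERNET extended permit ip any any
failover interface ip faillink 192.168.253.1 255.255.255.252 standby 192.168.253.2
standby 200 authentication Secret
"""

# (rule id, pattern, reviewer note) -- the rule ids are hypothetical names
RULES = [
    ("cleartext-secret", r"^(passwd|enable password) (?!.*\bencrypted$)\S+",
     "password appears in the file without the 'encrypted' keyword"),
    ("telnet-mgmt", r"^telnet \d", "management over Telnet is unencrypted"),
    ("permit-any-any", r"^access-list \S+ extended permit ip any any$",
     "ACL permits all IP traffic"),
    ("hsrp-plaintext-auth", r"^standby \d+ authentication (?!md5\b)\S+",
     "HSRP authentication string is sent in plain text"),
]
# Matches both 'ip address <if> ...' and 'failover interface ip <if> ...'
ADDR = re.compile(r"ip (?:address )?(\S+) (\S+) (\S+) standby (\S+)$")

def audit(config: str):
    """Return (line_no, rule_id, message) findings in line order."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for rule, pattern, msg in RULES:
            if re.search(pattern, line):
                findings.append((no, rule, msg))
        m = ADDR.search(line)
        if m:  # active and standby addresses must share one subnet
            name, ip, mask, standby = m.groups()
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            if ipaddress.ip_address(standby) not in net:
                findings.append((no, "standby-off-subnet",
                                 f"{name}: {standby} is outside {net}"))
    return findings

if __name__ == "__main__":
    for no, rule, msg in audit(SAMPLE):
        print(f"line {no}: [{rule}] {msg}")
```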
