Assigning Ip Addresses To Interfaces For A Routed Firewall; Setting The Management Ip Address For A Transparent Firewall; Configuring The Default Route; C H A P T E R 8 Configuring Ip Addresses, Routing, And Dhcp - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Configuring the Default Route
Assigning IP Addresses to Interfaces for a Routed Firewall
Routed firewall mode only
To assign an IP address to a VLAN interface, enter the following command:
FWSM/contexta(config)# ip address interface_name ip_address mask [standby ip_address ]
In single context mode, each interface address must be on a unique subnet. In multiple context mode, if
this interface is on a shared VLAN, then the IP address must be unique, and cannot be used by another
context on the shared VLAN. If the VLAN is unique, this IP address can be used by other contexts if
desired.
The standby keyword and address is used for failover. See the
page 15-15
For example, to set the IP address of the inside interface, enter the following command:
FWSM/contexta(config)# ip address inside 192.168.1.1 255.255.255.0
Setting the Management IP Address for a Transparent Firewall
Transparent firewall mode only
A transparent firewall does not participate in IP routing. The only IP configuration required for the
FWSM is to set the management IP address. This address is required because the FWSM uses this
address as the source address for traffic originating on the FWSM, such as system messages or
communications with AAA servers. You can also use this address for remote management access.
For multiple context mode, set the management IP address within each context.
To set the management IP address, enter the following command:
FWSM/contexta(config)# ip address ip_address [ mask ] [standby ip_address ]
This address must be on the same subnet as the upstream and downstream routers.
The standby keyword and address is used for failover. See the
page 15-15
Configuring the Default Route
The default route identifies the router IP address to which the FWSM sends all IP packets for which it
does not have a route. The FWSM might receive a default route from the dynamic routing protocol
(single mode only), but we recommend setting a static default route as a backup.
For transparent firewall mode, for traffic that originates on the FWSM and is destined for a non-directly
connected network, configure either a default route or static routes so the FWSM knows out of which
interface to send traffic. Traffic that originates on the FWSM might include communications to a syslog
server, Websense or N2H2 server, or AAA server.
The FWSM supports up to three equal cost routes on the same interface for load balancing.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
8-2
for more information.
for more information.
Chapter 8
Configuring IP Addresses, Routing, and DHCP
"Configuring Failover" section on
"Configuring Failover" section on
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
