Chapter 2
Configuring the Switch for the Firewall Services Module
Assigning VLANs to the Firewall Services Module
Prerequisites
Follow these steps to make sure you can use the VLANs on the FWSM. See the documentation for the switch for detailed information.
1. Add the VLANs to the switch.
   If you do not add the VLANs to the switch before you assign them to the FWSM, the VLANs are stored in the supervisor engine database and are sent to the FWSM as soon as they are added to the switch.
   The VLANs cannot be reserved VLANs.
   – Cisco IOS software
     To add the VLAN, enter the vlan vlan_number command.
   – Catalyst operating system software
     To add the VLAN, enter the set vlan vlan_number command.
2. Assign the VLANs to switch ports.
   – Cisco IOS software
     To assign a VLAN to a port, enter:
     router(config)# interface type slot/port
     router(config-if)# switchport
     router(config-if)# switchport mode access
     router(config-if)# switchport access vlan vlan_id
   – Catalyst operating system software
     To assign a VLAN to a port, enter the set vlan vlan_number mod/ports command. This command both creates the VLAN (if you have not already done so) and assigns it to a port.
   Note
   If you are using FWSM failover within the same switch chassis, do not assign the VLAN(s) you are reserving for failover and stateful communications to a switch port. However, if you are using failover between chassis, you must include the VLANs in the trunk port between the chassis.
3. Assign VLANs to the FWSM before you assign them to the MSFC.
   VLANs that do not satisfy this condition are discarded from the range of VLANs that you attempt to assign on the FWSM. See the "Adding Switched Virtual Interfaces to the MSFC" section on page 2-5 for more information.
Assigning VLANs in Cisco IOS Software
In Cisco IOS software, create one or more firewall VLAN groups, and then assign the groups to the FWSM. For example, you can assign all the VLANs to one group, or you can create an inside group and an outside group, or you can create a group for each customer.
You cannot assign the same VLAN to multiple firewall groups; however, you can assign multiple firewall groups to an FWSM. VLANs that you want to assign to multiple FWSMs, for example, can reside in a separate group from VLANs that are unique to each FWSM.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
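The rules on this page (a VLAN belongs to only one firewall group, firewall VLANs must not be reserved, VLANs not yet on the switch stay pending, and in-chassis failover VLANs stay off switch ports) can be checked against a planned configuration before it is applied. The following Python audit is an added example, not part of the Cisco guide; the sample configuration is constructed, the firewall vlan-group line format is the IOS command for the firewall VLAN groups this page describes, and the reserved range 1002-1005 and the failover_vlans parameter are assumptions to adjust for your platform.

```python
import re
from collections import defaultdict

# Constructed sample of a planned IOS configuration (not taken from the guide).
SAMPLE = """\
vlan 100
vlan 101
vlan 200
firewall vlan-group 1 100-101
firewall vlan-group 2 101,200,300,1002
interface GigabitEthernet1/1
 switchport
 switchport mode access
 switchport access vlan 200
"""

# Assumption: the page does not list the reserved VLANs; set this for your platform.
RESERVED = set(range(1002, 1006))

def expand(spec):
    """Expand an IOS VLAN list such as '5,7-10' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, failover_vlans=frozenset()):
    """Return findings for each VLAN rule; failover_vlans is supplied by the operator."""
    created, ports, groups = set(), set(), defaultdict(set)
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,-]+)", line):
            created |= expand(m[1])
        elif m := re.fullmatch(r"firewall vlan-group (\d+) ([\d,-]+)", line):
            groups[int(m[1])] |= expand(m[2])
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            ports.add(int(m[1]))
    owners = defaultdict(list)  # VLAN -> firewall groups that contain it
    for group, vlans in sorted(groups.items()):
        for vlan in vlans:
            owners[vlan].append(group)
    return {
        "multi_group": {v: g for v, g in owners.items() if len(g) > 1},
        "not_on_switch": sorted(set(owners) - created),  # pending until the VLAN is added
        "reserved": sorted(set(owners) & RESERVED),
        "failover_on_port": sorted(set(failover_vlans) & ports),
    }

if __name__ == "__main__":
    for check, result in audit(SAMPLE, failover_vlans={200}).items():
        print(check, result)
```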