Assigning Vlans To The Secondary Firewall Services Module; Adding A Trunk Between A Primary Switch And Secondary Switch; Ensuring Compatibility With Transparent Firewall Mode; Managing The Firewall Services Module Boot Partitions - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 2: Configuring the Switch for the Firewall Services Module
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, page 2-12

Assigning VLANs to the Secondary Firewall Services Module

Because both units require the same access to the inside and outside networks, you must assign the same
VLANs to both FWSMs on the switch(es). See the "Assigning VLANs to the Firewall Services Module"
section on page 2-2.

Adding a Trunk Between a Primary Switch and Secondary Switch

If you are using inter-switch failover (see the "Module Placement" section on page 15-4), then you need
to configure an 802.1Q VLAN trunk between the two switches. The trunk should have the following
characteristics:

- The trunk must carry all firewall VLANs, including the failover and state VLANs.
- Because this trunk also accommodates FWSM traffic when a module fails, this trunk should be at
  least as large as the maximum amount of traffic you expect to be inspected by the FWSM. The
  FWSM has an internal 6-Gbps EtherChannel to the switch, so if the FWSM runs at full capacity, the
  trunk between the two devices needs to include at least six 1-Gbps interfaces. EtherChannel
  aggregates the bandwidth of up to eight compatibly configured ports into a single logical link. If you
  do not have the ports to spare, you can create a smaller trunk; however, you might experience
  decreased performance.
- The trunk should have QoS enabled so that failover VLAN packets, which have the CoS value of 5
  (higher priority), are treated with higher priority in these ports.

To configure the EtherChannel and trunk, see the documentation for your switch.

Ensuring Compatibility with Transparent Firewall Mode

To avoid loops when you use failover in transparent mode, use switch software that supports BPDU
forwarding. Catalyst operating system software release 8.2(1) and Cisco IOS software Release
12.2(17)SXA allow BPDUs automatically.

Managing the Firewall Services Module Boot Partitions

This section describes how to reset the FWSM from the switch, and how to manage the boot partitions
on the Compact Flash card. This section includes the following topics:

- Flash Memory Overview, page 2-13
- Setting the Default Boot Partition, page 2-13
- Resetting the FWSM or Booting from a Specific Partition, page 2-13
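
An added example, not taken from the Cisco guide: a Python check that audits the member ports of an inter-switch EtherChannel against the three trunk characteristics listed under "Adding a Trunk Between a Primary Switch and Secondary Switch". The VLAN numbers (firewall 10-12, failover 50, state 51), the sample configuration, and the reading of "QoS enabled" as `mls qos trust cos` on each member port are assumptions; only plain and `add` allowed-VLAN lists are parsed.

```python
import re

FWSM_GBPS = 6   # FWSM internal EtherChannel to the switch (from the guide)
MAX_PORTS = 8   # most ports one EtherChannel can aggregate (from the guide)
SPEED = {"GigabitEthernet": 1, "TenGigabitEthernet": 10}  # Gbps per port type

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10-12,50' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(config, required_vlans, group=1):
    """Check the member ports of one channel group; [] means no findings."""
    findings, members, gbps = [], 0, 0
    for block in re.split(r"(?m)^(?=interface )", config):
        m = re.match(r"interface ([A-Za-z]+)(\S+)", block)
        if not m or not re.search(rf"(?m)^\s*channel-group {group}\b", block):
            continue
        name = m.group(1) + m.group(2)
        members += 1
        gbps += SPEED.get(m.group(1), 0)
        lists = re.findall(r"trunk allowed vlan (?:add )?([\d,-]+)", block)
        # With no 'allowed vlan' statement an IOS trunk carries every VLAN.
        allowed = set().union(*map(expand_vlans, lists)) if lists else set(range(1, 4095))
        missing = sorted(required_vlans - allowed)
        if missing:
            findings.append(f"{name}: trunk does not carry VLANs {missing}")
        # Assumption: 'mls qos trust cos' is how this port honours CoS 5.
        if "mls qos trust cos" not in block:
            findings.append(f"{name}: CoS not trusted for failover traffic")
    if members > MAX_PORTS:
        findings.append(f"{members} ports exceed the {MAX_PORTS}-port EtherChannel limit")
    if gbps < FWSM_GBPS:
        findings.append(f"trunk is {gbps} Gbps, below the FWSM's {FWSM_GBPS} Gbps")
    return findings

# Constructed sample: four 1-Gbps members; allowed list omits state VLAN 51.
PORT = ("interface GigabitEthernet1/{n}\n switchport mode trunk\n"
        " switchport trunk allowed vlan 10-12,50\n mls qos trust cos\n"
        " channel-group 1 mode on\n")
SAMPLE = "".join(PORT.format(n=n) for n in range(1, 5))

if __name__ == "__main__":
    for finding in audit_trunk(SAMPLE, {10, 11, 12, 50, 51}):
        print(finding)
```

The bandwidth finding is a warning, not a hard failure: the guide permits a smaller trunk at the cost of decreased performance.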
