Cisco 7604 Configuration Manual page 92

Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli

Configuring a Security Context
Although this context name does not yet exist in your configuration, you can subsequently enter the
context name command to match the specified name to continue the admin context configuration.
To configure a context in the system configuration, perform the following steps:
Step 1 To configure a context, enter the following command in the system execution space:
hostname(config)# context name
The name is a string up to 32 characters long. This name is case sensitive, so you can have two contexts
named "customerA" and "CustomerA," for example. You can use letters, digits, or hyphens, but you
cannot start or end the name with a hyphen.
"System" or "Null" (in upper or lower case letters) are reserved names, and cannot be used.
Step 2 (Optional) To add a description for this context, enter the following command:
hostname(config-ctx)# description text
Step 3 To specify the interfaces you can use in the context, enter the following command:
hostname(config-ctx)# allocate-interface vlannumber[-vlannumber] [map_name[-map_name] [invisible | visible]]
You can enter this command multiple times to specify different ranges. If you remove an allocation with
the no form of this command, then any context commands that include this interface are removed from
the running configuration.
Enter a VLAN number or a range of VLANs, typically from 2 to 1000 and from 1025 to 4094 (see the
switch documentation for supported VLANs). To see a list of VLANs assigned to the FWSM, use the
show vlan command. You can allocate VLANs that are not yet assigned to the FWSM, but you need to
assign them from the switch if you want them to pass traffic. When you allocate an interface, the FWSM
automatically adds the interface command for each VLAN in the system configuration.
You can assign the same VLANs to multiple contexts in routed mode, if desired. See the
"Sharing Interfaces Between Contexts" section on page 4-7 for more information about shared
VLAN limitations.
The map_name is an alphanumeric alias for the interface that can be used within the context instead of
the VLAN ID. If you do not specify a mapped name, the VLAN ID is used within the context. For
security purposes, you might not want the context administrator to know which interfaces are being used
by the context. You can use the same name in multiple contexts; the VLAN ID in multiple contexts can
be the same or different for a given name. You cannot use the same name for different VLAN IDs in the
same context.
A mapped name must start with a letter, end with a letter or digit, and have as interior characters only
letters, digits, or an underscore. For example, you can use the following names:
int0
inta
int_0
If you specify a range of VLAN IDs, you can specify a matching range of mapped names. Follow these
guidelines for ranges:
The mapped name must consist of an alphabetic portion followed by a numeric portion. The
alphabetic portion of the mapped name must match for both ends of the range. For example, enter
the following range:
int0-int10
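The naming rules above can be checked before a system configuration is pushed. The following Python validators are an added example, not part of the Cisco guide: the function names are hypothetical, ASCII letters and exact-case comparison of mapped names are assumptions, and only rules stated on this page are checked.

```python
import re

RESERVED = {"system", "null"}  # reserved in upper or lower case letters
CONTEXT_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
MAPPED_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9_]*[A-Za-z0-9])?")
RANGE_END_RE = re.compile(r"([A-Za-z]+)([0-9]+)")  # alphabetic part, then numeric part


def check_context_name(name):
    """Return the rule violations for a context name (empty list = valid)."""
    problems = []
    if len(name) > 32:
        problems.append("longer than 32 characters")
    if name.lower() in RESERVED:
        problems.append("reserved name")
    if not CONTEXT_RE.fullmatch(name):
        problems.append("only letters, digits, hyphens; no leading/trailing hyphen")
    return problems


def check_mapped_name(spec):
    """Validate a map_name or a map_name-map_name range."""
    ends = spec.split("-")
    if len(ends) > 2:
        return ["more than one hyphen in mapped-name range"]
    problems = [f"{e!r}: bad mapped name" for e in ends if not MAPPED_RE.fullmatch(e)]
    if len(ends) == 2 and not problems:
        parts = [RANGE_END_RE.fullmatch(e) for e in ends]
        if not all(parts):
            problems.append("range ends must be letters followed by digits")
        elif parts[0].group(1) != parts[1].group(1):
            problems.append("alphabetic portion differs between range ends")
    return problems


def mapped_name_collisions(allocations):
    """allocations: (vlan_id, map_name) pairs for ONE context.

    Returns the names bound to more than one VLAN ID in that context.
    Names are compared exactly (assumption: mapped names are case sensitive).
    """
    seen = {}
    for vlan, name in allocations:
        seen.setdefault(name, set()).add(vlan)
    return sorted(n for n, vlans in seen.items() if len(vlans) > 1)
```

An empty list from each function means the name or allocation set passes the rules listed on this page.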
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
Chapter 4 Configuring Security Contexts
4-28
OL-20748-01
