FWSM and ACE VLAN Assignment

Unanswered Question
Mar 20th, 2007
User Badges:

Hi all,


Just a quick one, I?m trying to find some documentation on interoperability using the FWSM and ACE line cards for the 6500 series. Basically my question is once a VLAN has been assigned to the FWSM can be assigned to the ACE as well (at the same time) or does traffic need to pass through MSFC?


Many thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Syed Iftekhar Ahmed Wed, 03/21/2007 - 17:37
User Badges:
  • Blue, 1500 points or more

When allocating VLANs to a vlan-group, be aware "a specific VLAN can only be allocated to one vlan-group". This requirement can dictate the use of multiple vlan-groups.


Either firewall or svclc commands can be used to define a vlan-group. However, the firewall command must be used to allocate vlan-groups to a FWSM, and the svclc command must be used to allocate vlan-groups to an ACE module.


for example


In this example VLANs 100 and 200 need to be allocated to the FSWM and VLANs 200 and 300 allocated to the ACE module. Due to the vlan-group constraint, an additional vlan-group must be allocated for the shared VLAN between the FWSM and ACE modules.


firewall vlan-group 30 100

firewall vlan-group 50 200


svclc vlan-group 70 300


firewall module 3 vlan-group 30

firewall module 3 vlan-group 50


svclc module 4 vlan-group 50

svclc module 4 vlan-group 70




hope it helps

Syed Iftekhar Ahmed

Actions

This Discussion