multiple fwsm context on same vlan

stephg
Level 1

Hi,

I've noticed that, for some reason, you cannot assign the same vlan to multiple contexts within the FWSM.

Is there a way to go around this limitation? Does anybody know if this will be addressed?

Regards,

Stephane


Jon Marshall
Hall of Fame

Hi Stephane

You should be able to, as the FWSM supports the concept of a shared vlan between contexts. On our production FWSMs we have a vlan for the outside interfaces that is shared between contexts, so each outside interface has an IP address out of the same subnet.

Jon

Hi Jon,

I thought that multiple contexts within the same fwsm share the same mac address. Is this correct?

Hi

Taken from our production FWSM

Admin context
=============
Interface vlan241 "outside", is up, line protocol is up
  MAC address 0015.624a.4780, MTU 1500
  IP address 10.181.107.132, subnet mask 255.255.255.128

ebus context
============
Interface vlan241 "outside", is up, line protocol is up
  MAC address 0015.624a.4780, MTU 1500
  IP address 10.181.107.134, subnet mask 255.255.255.128

So yes, they do share the same MAC address, but remember that these are purely virtual interfaces. How the FWSM decides which context to send the traffic to is all to do with the classifier, and indeed when you share a vlan you do have to be aware of how the FWSM classifier works or it can be quite confusing :-)

Jon

Hi,

But using the classifier, you had to create a static nat to get it working. On top of it I would need to cascade contexts, which I think does not work.

Why doesn't the fwsm know its own IPs, so that you have to NAT to get it working?

Wouldn't static routes work?

Stephane

Not sure I follow. Your original question was about not being able to share a vlan across contexts and I pointed out that you can.

As far as statics are concerned, yes, you need to set up static translations because the classifier first looks at the vlan interface the packet comes in on, but as the vlan is shared it then needs a translation to work out which context to use.

Could you explain what you mean regarding static routes?

Jon
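
The classification order described in the reply above, as a simplified model added here as an example (it is not Cisco code and not part of any post in the thread). vlan241, the two interface addresses and the context names come from the thread; the inside VLANs, the static mapped address 10.181.107.140 and the route are constructed, and the model assumes the routing table plays no part in classification.

```python
# Simplified teaching model of shared-VLAN classification (not Cisco code).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Context:
    name: str
    vlans: dict                                   # VLAN id -> this context's interface IP
    static_globals: list = field(default_factory=list)  # mapped addresses of static NATs
    routes: list = field(default_factory=list)    # held only to show they are ignored

def classify(contexts, vlan, dst):
    """Return the name of the context that gets the packet, or None if it is dropped."""
    dst = ip_address(dst)
    owners = [c for c in contexts if vlan in c.vlans]
    if len(owners) == 1:                          # VLAN unique to one context
        return owners[0].name
    for c in owners:                              # shared VLAN, packet to an interface IP
        if dst == ip_address(c.vlans[vlan]):
            return c.name
    for c in owners:                              # shared VLAN, packet to a translated address
        if any(dst in ip_network(n) for n in c.static_globals):
            return c.name
    return None                                   # no translation matched; routes not consulted

# Constructed sample data: inside VLANs 10/20, the static and the route are made up.
CONTEXTS = [
    Context("admin", {241: "10.181.107.132", 10: "192.168.10.1"}),
    Context("ebus", {241: "10.181.107.134", 20: "192.168.20.1"},
            static_globals=["10.181.107.140/32"],   # mapped address of a static NAT
            routes=["192.168.20.0/24"]),            # a route alone does not classify
]

if __name__ == "__main__":
    for vlan, dst in [(241, "10.181.107.134"), (241, "10.181.107.140"),
                      (241, "192.168.20.5"), (20, "10.181.107.140")]:
        print(vlan, dst, "->", classify(CONTEXTS, vlan, dst))
```

In this model the packet to 192.168.20.5 arriving on the shared vlan241 is dropped even though the ebus context holds a route for that subnet, which is the case the static translation exists to solve.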
