09-05-2007 06:42 AM - edited 03-11-2019 04:07 AM
Hi,
I've noticed that for a reason, you cannot assign the same vlan onto multiple context within the FWSM.
Is there a way to go around this limitation? Does anybody know if this will be addressed.
Regards,
Stephane
09-05-2007 06:47 AM
Hi Stephane
You should be able to as the FWSM supports the concept of a shared vlan between contexts. On our production FWSM's we have a vlan for the outside interfaces that is shared between contexts so each outside interface has an IP address out of the same subnet.
Jon
09-05-2007 08:03 AM
Hi Jon,
I thought that multiple contexts within the same fwsm share the same mac address. Is this correct
09-05-2007 09:27 AM
Hi
Taken from our production FWSM
Admin context
=============
Interface vlan241 "outside", is up, line protocol is up
MAC address 0015.624a.4780, MTU 1500
IP address 10.181.107.132, subnet mask 255.255.255.128
ebus context
============
Interface vlan241 "outside", is up, line protocol is up
MAC address 0015.624a.4780, MTU 1500
IP address 10.181.107.134, subnet mask 255.255.255.128
So yes they do share the same mac-address bur remember that these are purely virtual interfaces. How the FWSM decides which context to send the traffic to is all to do with the classifier and indeed when you share a vlan you do have to be aware of how the FWSM clasifier works or it can be quite confusing :-)
Jon
09-11-2007 09:55 AM
Hi,
But using the classifier, you had to create a static nat to get it working. On top of it I would need to cascade contexts, which I think does not work.
Why does'nt the fwsm now it's own ip's and that you have to NAT to get it working.
Wouldn't static routes work
09-11-2007 11:14 PM
Stephane
Not sure i follow. Your original question was about not being able to share a vlan across contexts and i pointed out that you can.
As far as statics are concerned, yes you need to setup static translations because the classifier first looks at the vlan interface the packet comes in on but as the vlan is shared it then needs a translation to work out which context to use.
Could you explain what you mean regarding static routes ?
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: