fwsm inside interface with svi(w/o ip address) in the switch not working

Nov 16th, 2007

I am running FWSM 3.2(1) code and catalyst 6500 IOS 12.2(SXF11)

In the switch:

vlan 100 name outside
vlan 200 name inside

int vlan 100
 description - outside
 ip address

int vlan 200
 description - inside
 no ip address

In the FWSM:

context test

int vlan 200
 nameif outside
 bridge-group 1
 security-level 0

int vlan 100
 nameif inside
 bridge-group 1
 security-level 100

int bvi1
 ip address

But this is not working. We can ping the from the switch, but can't ping anything beyond that in the inside LAN. Within the inside LAN, communication is fine, but it can't get beyond the gateway. What's the cause?

Why do we have an SVI for the inside interface without an IP address?

At one time, we had a firewall issue, so we just created a new SVI to bypass the firewall after shutting down the int vlan100.

Thanks for the explanation.

sding2006 Fri, 11/16/2007 - 12:13

Sure, I looked at this before :-)

My question is

shutdown/no shutdown of the inside VLAN SVI w/o IP address will have such a big effect.

I am having a hard time trying to understand this.

rigoberto.cintr... Fri, 11/16/2007 - 12:28

Well, the SVI interface in the Supervisor will be used for management of the switch and internal/external routing. You will always need an SVI with an IP to manage the switch, but it doesn't have to be in a VLAN assigned to the FWSM.

