FWSM Int problem

Unanswered Question
Dec 13th, 2007
User Badges:

I can't get the Vlan interfaces on the FWSM to come up because I don't have a phy int to bind them to... Anyone know how to do this?

Here's the relevent config for the fwsm:

interface Vlan100

nameif inside

security-level 100

ip address

and the 6506:

firewall vlan-group 4 100,200

vtp mode transparent

vlan 100

name Firewall_Inside

interface GigabitEthernet2/46

no ip address


switchport access vlan 100

switchport mode access

spanning-tree bpduguard enable

interface Vlan100

ip address

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
jaydhindsa Fri, 12/14/2007 - 09:39
User Badges:


You are missing:

firewall module x vlan-group y.

Where x is slot where ur module sits, and y is your vlan group that you defined. This will start trunking your Vlans to FWSM.

You also need

"firewall multiple-vlan-interfaces" if you are trunking more than 1 vlans.

Hope this helps.



RouterTech1 Mon, 12/17/2007 - 10:31
User Badges:

That was it.. thanks! I managed to get the answer a few hours before you posted this. But thanks!

berkous1 Sat, 12/15/2007 - 06:05
User Badges:


one thing seems to miss on your 6506 configuration :

Below please find an example :

This example shows how you can create three firewall VLAN groups: one for each FWSM, and one that includes VLANs assigned to both FWSMs.

Router(config)# firewall vlan-group 50 55-57

Router(config)# firewall vlan-group 51 70-85

Router(config)# firewall vlan-group 52 100

Router(config)# firewall module 5 vlan-group 50,52

Router(config)# firewall module 8 vlan-group 51,52

You don't need any physical interface to do that.

check on the FWSM is the Vlan is up. Don't hesitate to type "no shutdown" in the desired vlan config.

Hope it will help.

See ya?


This Discussion