08-04-2008 04:36 AM - edited 03-11-2019 06:25 AM
Just installed the FWSM in our 6513. Was reading up on its configuration. It states, under assigning VLANs to the FWSM in the VLAN guidelines, that you cannot use VLAN 1. We do use VLAN 1.
To change away from VLAN 1 would require a lot of changes on our campus edge switches. By default all switch ports were in VLAN 1 when our LAN was first set up.
What is the issue with VLAN 1 and is there nothing I can do other than start the process of moving away from using VLAN 1?
Craig
08-04-2008 12:48 PM
Hi Craig,
Unfortunately, as you noted, it is impossible to push VLAN 1 down to the FWSM.
Aside from redesigning your network to not use VLAN 1, you can try creating another SVI and routing your traffic through the MSFC before being sent down to the FWSM. So, the packet's path might look something like this:
VLAN1---MSFC---VLAN2---FWSM---VLAN100---Internet
With this workaround, you can push VLAN2 and VLAN100 down to the FWSM and still keep your hosts on VLAN1.
Hope that helps.
-Mike
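A configuration sketch of the VLAN1---MSFC---VLAN2---FWSM---VLAN100 path described in this reply, added here as an illustration and not taken from the thread or from Cisco documentation. The addresses, the FWSM slot number (5) and single-context routed mode are all assumed.

```cisco
! --- MSFC (Catalyst 6513 supervisor) side ---
! Hosts stay on VLAN 1; the MSFC SVI remains their default gateway.
interface Vlan1
 description Host/user VLAN (cannot be pushed to the FWSM)
 ip address 10.1.1.1 255.255.255.0
!
! VLAN 2 is a transit VLAN that exists only between the MSFC and the FWSM.
interface Vlan2
 description Transit toward FWSM inside interface
 ip address 10.1.2.1 255.255.255.0
!
! Only VLANs 2 and 100 are handed to the FWSM (slot 5 is assumed).
firewall vlan-group 1 2,100
firewall module 5 vlan-group 1
!
! Everything that is not local leaves the MSFC via the FWSM inside interface.
ip route 0.0.0.0 0.0.0.0 10.1.2.2
!
! --- FWSM (single context, routed mode) side ---
interface Vlan2
 nameif inside
 security-level 100
 ip address 10.1.2.2 255.255.255.0
!
interface Vlan100
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! The FWSM never sees VLAN 1 directly, so it needs a route back to it via the MSFC.
route inside 10.1.1.0 255.255.255.0 10.1.2.1
route outside 0.0.0.0 0.0.0.0 203.0.113.1
```

Note that the FWSM only inspects traffic that actually crosses VLAN 2; any other SVI on the MSFC is reachable from VLAN 1 without passing the firewall, so keep the MSFC's routed interfaces to the minimum needed for this transit design.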
08-04-2008 01:06 PM
Thanks for the workaround. So what is the issue with VLAN 1?
Craig
08-04-2008 01:58 PM
Hi Craig,
I believe the reason for this is simply the enforcement of a best practice. It is assumed that VLAN1 will be used for management traffic only and not need to be firewalled. It is a best practice to move your production traffic into VLANs other than VLAN1 (though certainly not a requirement as you have seen in your case).
-Mike