Yes, but not directly from the FWSM. The FWSM simply becomes part of the switch, using its trunks, backplane, and forwarding logic to make a firewall ON THE SWITCH...

So to do this, simply assign the VLANs to the FWSM on the switch in question with the switch FWSM commands:

firewall module 4 vlan-group 2

firewall vlan-group 2 333,352

Then configure a trunk to the other switch, such as:

int g1/48


switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk native vlan 999

switchport trunk allowed vlan 333,352

You now have the functionality you require.

Just make sure you create the VLANs:

vlan 333

vlan 352


The receiving switch can do whatever it wants with the tagged frames: put them onto router access ports, server access ports, etc.


Oops, I read trunk and you said EtherChannel.

Same thing;

just tie two or more dedicated ports together for an EtherChannel trunk, so like I had before, but:

int range g1/47-48

channel-group 1 mode desirable

int port-channel1


switchport trunk encapsulation dot1q

switchport mode dynamic desirable

switchport trunk allowed vlan 333,352
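
Added example, not part of the original post: a small Python check (the function names `expand` and `audit` are made up here) that reads a switch config and confirms that every VLAN assigned to the FWSM has been created and is in each trunk's allowed list, and that no trunk uses a firewall VLAN as its untagged native VLAN. The sample config is constructed from the commands above, with VLAN 352 deliberately left out to show the findings.

```python
import re

# Constructed sample, assembled from the commands in the post; VLAN 352 is
# deliberately left undefined and dropped from the trunk to show the findings.
SAMPLE = """\
firewall module 4 vlan-group 2
firewall vlan-group 2 333,352
vlan 333
interface GigabitEthernet1/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 333
"""

def expand(spec):
    """Expand an IOS VLAN list such as '333,352' or '10-12' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return findings for firewall VLANs that are undefined or not trunked."""
    fw, defined, trunks, cur = set(), set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"firewall vlan-group \d+ ([\d,\- ]+)$", line):
            fw |= expand(m.group(1))
        elif m := re.match(r"vlan ([\d,\-]+)$", line):
            defined |= expand(m.group(1))
            cur = None  # a global "vlan N" line ends interface context
        elif m := re.match(r"int(?:erface)? (?:range )?(\S+)", line):
            cur = trunks.setdefault(m.group(1), {"allowed": set(), "native": 1})
        elif cur and (m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)):
            cur["allowed"] |= expand(m.group(1))
        elif cur and (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            cur["native"] = int(m.group(1))
    findings = [f"VLAN {v} is in a firewall vlan-group but is not created"
                for v in sorted(fw - defined)]
    for name, t in trunks.items():
        if not t["allowed"]:
            continue  # no explicit allowed list: not treated as a trunk here
        findings += [f"{name}: firewall VLAN {v} is not in the allowed list"
                     for v in sorted(fw - t["allowed"])]
        if t["native"] in fw:
            findings.append(f"{name}: native VLAN {t['native']} is a firewall VLAN")
    return findings
```

Calling `audit(SAMPLE)` returns the two findings for VLAN 352; the config exactly as given in the post returns an empty list.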



