Problem with new Vlan on FWSM

Sep 3rd, 2008

Hi all

Today I created a new transparent context on my FWSM (3.2(6)), which is in slot 9 of a 6509 running IOS.

Here is my configuration:

firewall multiple-vlan-interfaces
firewall module 9 vlan-group 1,
firewall vlan-group 1 30,[others-removed]1030

vlan 1030
 name mse_outside

interface Vlan1030
 description ** mse_outside **
 ip address
 ip helper-address
 ip helper-address
 ip helper-address
 no ip redirects
 ip pim sparse-dense-mode
 standby ip
 standby timers 1 3
 standby preempt
 standby authentication xxxxxxxx


S6509R-1250#sh vlan

30 mse active
1030 mse_outside active




And on the FWSM Context System:

FWSM# show run

interface Vlan30
 description mse

interface Vlan1030
 description mse_outside

context mse
 description ** mse **
 allocate-interface Vlan1030
 allocate-interface Vlan30
 config-url disk:/mse.cfg


And the Context:

FWSM/mse# sh run
: Saved

FWSM Version 3.2(6) <context>

firewall transparent
hostname mse
domain-name xxxxxx
enable password xxxxxx encrypted

interface Vlan30
 nameif inside
 bridge-group 1
 security-level 100

interface Vlan1030
 nameif outside
 bridge-group 1
 security-level 0

interface BVI1
 ip address standby

passwd xxxxxxxxx encrypted
access-list CSM_TFW_ACL_INBOUND_1 ethertype permit bpdu
access-list CSM_FW_ACL_inside extended permit ip any any
access-list OUTSIDE extended permit ip any any
pager lines 24
logging enable
logging buffered informational
logging trap informational
logging device-id hostname
logging host outside
mtu inside 1500
mtu outside 1500
monitor-interface inside
monitor-interface outside
icmp permit any outside
no asdm history enable
arp timeout 14400
access-group CSM_TFW_ACL_INBOUND_1 in interface inside
access-group CSM_FW_ACL_inside in interface inside
access-group CSM_TFW_ACL_INBOUND_1 in interface outside
access-group OUTSIDE in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa proxy-limit disable
http outside
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5

class-map CSM_CLASS_MAP_1
 match default-inspection-traffic

policy-map CSM_POLICY_MAP_global_1
 inspect dns maximum-length 4096
 inspect ftp
 inspect h323 h225
 inspect h323 ras
 inspect rsh
 inspect esmtp
 inspect sqlnet
 inspect skinny
 inspect sunrpc
 inspect xdmcp
 inspect sip
 inspect netbios
 inspect tftp

service-policy CSM_POLICY_MAP_global_1 global
arp-inspection inside enable flood
arp-inspection outside enable flood

: end


And now to the problem:

FWSM# sh vlan
28-29 , 60 , 1030

[Note: Vlan 30 is missing here]

FWSM# sh int vlan30
Interface Vlan30 "", is down, line protocol is down
Hardware is EtherSVI
Description: mse
Allocated to a context
MAC address 0008.7ceb.1200, MTU not set
IP address unassigned

FWSM# sh int vlan1030
Interface Vlan1030 "", is up, line protocol is up
Hardware is EtherSVI
Description: mse_outside
Allocated to a context
MAC address 0008.7ceb.1200, MTU not set
IP address unassigned


Also note that interface Vlan30 is down/down here.

Any ideas why I don't see the vlan30 on the FWSM, or why this interface is down?

I'm really out of ideas :(



Calin Chiorean Wed, 09/03/2008 - 05:52

Hi Patrick!

You have:

"FWSM Version 3.2(6)
firewall transparent"

If it is possible to test, put it into routed mode and see if everything is ok.

In the meantime I will have a look; maybe I can find something to help you, as your config looks OK.

A small hint (maybe only I had this problem): try to reapply the config on the FWSM. Sometimes, for me, it did not take the config on the first attempt (I configured an ACL and it was not there, for example). Maybe I have a bug or something.

Let me know if you solved the problem.

Good luck!



patoberli Wed, 09/03/2008 - 05:59

I actually deleted the whole context and recreated it, but no help.

I also changed to routed and back to transparent, no change.

Interface remains down.
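
An added example, not part of the thread: a small Python check that compares the VLANs named in the system context's allocate-interface lines with the VLAN list the FWSM prints for `sh vlan`, and reports any allocated VLAN that is absent on the module. The function names are hypothetical, the sample input is constructed from the outputs quoted above, and it assumes one VLAN per allocate-interface line, as in this configuration.

```python
import re

# Constructed sample input, taken from the outputs quoted in the thread.
SYSTEM_CONTEXT_CONFIG = """\
context mse
 allocate-interface Vlan1030
 allocate-interface Vlan30
 config-url disk:/mse.cfg
"""
FWSM_SHOW_VLAN = "28-29 , 60 , 1030"


def parse_vlan_list(text):
    """Expand a list such as '28-29 , 60 , 1030' into a set of VLAN IDs."""
    vlans = set()
    for token in text.replace(",", " ").split():
        first, _, last = token.partition("-")
        lo, hi = int(first), int(last or first)
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"invalid VLAN token: {token!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def allocated_vlans(system_config):
    """Map context name -> VLAN IDs named in its allocate-interface lines."""
    contexts, current = {}, None
    for line in system_config.splitlines():
        line = line.strip()
        m = re.match(r"context\s+(\S+)$", line)
        if m:
            current = m.group(1)
            contexts[current] = set()
            continue
        # Assumption: one VLAN per line (no ranges or mapped names).
        m = re.match(r"allocate-interface\s+Vlan(\d+)", line, re.IGNORECASE)
        if m and current is not None:
            contexts[current].add(int(m.group(1)))
    return contexts


def missing_vlans(system_config, show_vlan_output):
    """Return {context: sorted VLANs allocated but absent on the module}."""
    delivered = parse_vlan_list(show_vlan_output)
    gaps = {c: sorted(v - delivered) for c, v in allocated_vlans(system_config).items()}
    return {c: v for c, v in gaps.items() if v}


if __name__ == "__main__":
    print(missing_vlans(SYSTEM_CONTEXT_CONFIG, FWSM_SHOW_VLAN))
```

Run against the outputs in this thread, it flags Vlan30 for context mse, which matches the down/down interface reported above.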

