
Problem with new Vlan on FWSM

patoberli
VIP Alumni

Hi all

Today I created a new transparent context on my FWSM (3.2(6)), which is in slot 9 of a 6509 running IOS.

Here is my configuration:

firewall multiple-vlan-interfaces

firewall module 9 vlan-group 1,

firewall vlan-group 1 30,[others-removed]1030

!

vlan 1030

name mse_outside

!

!

interface Vlan1030

description ** mse_outside **

ip address 10.10.30.6 255.255.255.0

ip helper-address 10.10.20.10

ip helper-address 10.10.21.10

ip helper-address 10.10.21.14

no ip redirects

ip pim sparse-dense-mode

standby ip 10.10.30.1

standby timers 1 3

standby preempt

standby authentication xxxxxxxx

!

S6509R-1250#sh vlan

.

.

.

30 mse active

1030 mse_outside active

.

.

.

And on the FWSM Context System:

FWSM# show run

!

interface Vlan30

description mse

!

!

interface Vlan1030

description mse_outside

!

context mse

description ** mse **

allocate-interface Vlan1030

allocate-interface Vlan30

config-url disk:/mse.cfg

!

And the Context:

FWSM/mse# sh run

: Saved

:

FWSM Version 3.2(6) <context>

!

firewall transparent

hostname mse

domain-name xxxxxx

enable password xxxxxx encrypted

names

!

interface Vlan30

nameif inside

bridge-group 1

security-level 100

!

interface Vlan1030

nameif outside

bridge-group 1

security-level 0

!

interface BVI1

ip address 10.10.30.4 255.255.255.0 standby 10.10.30.5

!

passwd xxxxxxxxx encrypted

access-list CSM_TFW_ACL_INBOUND_1 ethertype permit bpdu

access-list CSM_FW_ACL_inside extended permit ip any any

access-list OUTSIDE extended permit ip any any

pager lines 24

logging enable

logging buffered informational

logging trap informational

logging device-id hostname

logging host outside 10.10.20.56

mtu inside 1500

mtu outside 1500

monitor-interface inside

monitor-interface outside

icmp permit any outside

no asdm history enable

arp timeout 14400

access-group CSM_TFW_ACL_INBOUND_1 in interface inside

access-group CSM_FW_ACL_inside in interface inside

access-group CSM_TFW_ACL_INBOUND_1 in interface outside

access-group OUTSIDE in interface outside

route outside 0.0.0.0 0.0.0.0 10.10.30.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

aaa proxy-limit disable

http 10.10.20.12 255.255.255.255 outside

no snmp-server location

no snmp-server contact

telnet timeout 5

ssh timeout 5

!

class-map CSM_CLASS_MAP_1

match default-inspection-traffic

!

!

policy-map CSM_POLICY_MAP_global_1

class CSM_CLASS_MAP_1

inspect dns maximum-length 4096

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy CSM_POLICY_MAP_global_1 global

arp-inspection inside enable flood

arp-inspection outside enable flood

Cryptochecksum:xxxxxxx

: end

FWSM/mse#

And now to the problem:

FWSM# sh vlan

28-29 , 60 , 1030

[Note: Vlan 30 is missing here]

FWSM# sh int vlan30

Interface Vlan30 "", is down, line protocol is down

Hardware is EtherSVI

Description: mse

Allocated to a context

MAC address 0008.7ceb.1200, MTU not set

IP address unassigned

FWSM# sh int vlan1030

Interface Vlan1030 "", is up, line protocol is up

Hardware is EtherSVI

Description: mse_outside

Allocated to a context

MAC address 0008.7ceb.1200, MTU not set

IP address unassigned

FWSM#

Also note that interface Vlan30 is down/down here.

Any ideas why I don't see the vlan30 on the FWSM, or why this interface is down?

I'm really out of ideas :(

Thanks,

Patrick
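
A consistency check over the three outputs in the post above, as an added example that is not part of the original thread or any Cisco tooling: it compares the VLANs the switch assigns to the module, the VLANs allocated to contexts, and what the FWSM lists in `sh vlan`. The function names and the sample vlan-group list are assumptions (the post elides the real list).

```python
import re

def expand(spec):
    """Expand a VLAN list such as '28-29 , 60 , 1030' into a set of ints."""
    vlans = set()
    for part in re.split(r"\s*,\s*", spec.strip()):
        if not part:
            continue  # tolerate a trailing comma, as in 'vlan-group 1,'
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(switch_cfg, system_cfg, fwsm_show_vlan, module):
    """Cross-check switch vlan-groups, context allocations and FWSM 'sh vlan'."""
    groups, assigned = {}, set()
    for line in switch_cfg.splitlines():
        line = line.strip()
        m = re.match(r"firewall vlan-group (\d+) (\S.*)$", line)
        if m:  # VLANs that belong to a group
            groups.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
        m = re.match(rf"firewall module {module} vlan-group (\S.*)$", line)
        if m:  # groups handed to this module
            assigned |= expand(m.group(1))
    pushed = set().union(*(groups.get(g, set()) for g in assigned))
    allocated = {int(v) for v in
                 re.findall(r"allocate-interface Vlan(\d+)", system_cfg)}
    seen = expand(fwsm_show_vlan)
    return {
        # a context uses the VLAN but the module does not list it
        "allocated_but_not_on_fwsm": sorted(allocated - seen),
        # a context uses the VLAN but the switch never assigned it
        "allocated_but_not_in_vlan_group": sorted(allocated - pushed),
        # the switch assigned the VLAN but the module does not list it
        "in_vlan_group_but_not_on_fwsm": sorted(pushed - seen),
    }

# Constructed sample input modelled on the post; the vlan-group list is
# an assumption because the original elides it with "[others-removed]".
SWITCH_CFG = """firewall multiple-vlan-interfaces
firewall module 9 vlan-group 1,
firewall vlan-group 1 28-30,60,1030
"""
SYSTEM_CFG = """context mse
 allocate-interface Vlan1030
 allocate-interface Vlan30
"""
FWSM_SHOW_VLAN = "28-29 , 60 , 1030"

if __name__ == "__main__":
    print(audit(SWITCH_CFG, SYSTEM_CFG, FWSM_SHOW_VLAN, module=9))
```
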


Calin C.
Level 5

Hi Patrick!

You have:

"FWSM Version 3.2(6)

!

firewall transparent "

If it is possible to test, put it into routed mode and see if everything is ok.

In the meantime I will have a look; maybe I can find something to help you, as your config looks OK.

A small hint (maybe only I had this problem): try to reapply the config on the FWSM. Sometimes for me it did not take the config on the first attempt (I configured an ACL and it was not there... for example). Maybe I have a bug or something.

Let me know if you solved the problem.

Good luck!

Cheers,

Calin

I actually deleted the whole context and recreated it, but no help.

I also changed to routed and back to transparent, no change.

Interface remains down.
