11-28-2008 06:18 AM - edited 03-06-2019 02:43 AM
Hi,
I have the following firewall vlan-group defined on my 6500
firewall vlan-group 3 2803,2805,2807
I need to add another vlan, say 2809 to this group.
Will this command:
firewall vlan-group 3 2809
overwrite or append to the existing vlan-group? What would be the safest method to add this new vlan to the group?
Any suggestions would be appreciated.
Thanks
11-28-2008 06:41 AM
Hello Sean,
I've had a look at one of my C6500s.
The command allows multiple lines:
RT-xxx#sh run | inc vlan-group
firewall module 4 vlan-group 41
firewall vlan-group 41 3-9,11-14,97-99,200,201,400,405,410,415,420,425
firewall vlan-group 41 430-432,435,440,445,450,455,460,465,470,475,480,485
firewall vlan-group 41 490,531,532,600-602,605,606,610-612,615,630,644-648
firewall vlan-group 41 651,656,661,666,696-698,700-703,730,745-748,800,801
firewall vlan-group 41 901,902
RT-xxx
this is IOS
disk0:s72033-adventerprisek9_wan-mz.122-18.SXF14.bin
So I think you can add a line with the two new vlans without issues
Hope to help
Giuseppe
11-28-2008 07:08 AM
Giuseppe,
Thanks for the reply.
Just so that I understand if my current config is :
sh firewall vlan-group 3
Group Created by vlans
----- ---------- -----
3 FWSM 2803,2805,2807
running the:
firewall vlan-group 3 2809
command will merely add this vlan to the existing group so that my output from the sh firewall vlan-group command will be as follows:
sh firewall vlan-group 3
Group Created by vlans
----- ---------- -----
3 FWSM 2803,2805,2807,2809
What I am trying to avoid is running firewall vlan-group 3 2809 and the three existing vlans are removed from the group and replaced by 2809.
Thanks again,
Sean
11-28-2008 10:09 AM
Sean
If you run "firewall vlan-group 3 2809" then it will just append it to the existing line. It will not overwrite your existing configuration. Promise :-)
Jon
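A pre/post-change check for the question discussed above, added here as an example that is not part of the original thread or any poster's code: it parses `sh run | inc vlan-group` captures, merges multi-line groups, and reports any VLAN that disappeared from a group. The function names and sample captures are constructed; the "overwritten" capture is the outcome the poster feared, included only to exercise the check, not observed device behaviour.

```python
import re
from collections import defaultdict

# Matches group definitions only, not "firewall module N vlan-group ..." assignments.
GROUP_LINE = re.compile(r"^firewall vlan-group (\d+)\s+([\d,\-\s]+)$")

def parse_vlan_groups(config_text):
    """Return {group_id: set of VLAN ids}, merging continuation lines."""
    groups = defaultdict(set)
    for line in config_text.splitlines():
        m = GROUP_LINE.match(line.strip())
        if not m:
            continue
        for part in m.group(2).replace(" ", "").split(","):
            if not part:
                continue
            lo, _, hi = part.partition("-")   # "3-9" -> 3..9, "200" -> 200
            groups[int(m.group(1))].update(range(int(lo), int(hi or lo) + 1))
    return dict(groups)

def check_change(before_text, after_text, group, added):
    """Compare captures taken before and after the change for one group."""
    before = parse_vlan_groups(before_text).get(group, set())
    after = parse_vlan_groups(after_text).get(group, set())
    return {
        "lost": sorted(before - after),               # VLANs dropped by the change
        "not_added": sorted(set(added) - after),      # intended VLANs still missing
        "unexpected": sorted(after - before - set(added)),
    }

# Constructed captures modelled on the thread's group 3.
BEFORE = """\
firewall module 4 vlan-group 3
firewall vlan-group 3 2803,2805,2807
"""
AFTER_APPENDED = """\
firewall module 4 vlan-group 3
firewall vlan-group 3 2803,2805,2807,2809
"""
AFTER_OVERWRITTEN = """\
firewall module 4 vlan-group 3
firewall vlan-group 3 2809
"""

if __name__ == "__main__":
    print(check_change(BEFORE, AFTER_APPENDED, 3, [2809]))
    print(check_change(BEFORE, AFTER_OVERWRITTEN, 3, [2809]))
```

Capture the running config to a file before the change and again after it; a non-empty `lost` list means the firewall module no longer receives those VLANs and the change should be backed out.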
02-21-2012 03:12 PM
Hi Jon,
Thanks, that was helpful. I would be grateful if you can help clear my doubt.
Is there a specific order to add a new vlan to the fwsm? I added a new vlan to the firewall group but it does not show up in the system context. Should I input the vlan config in the fwsm system context (interface vlan
Regards,
Shiva
08-23-2014 08:42 AM
Dear Team
We have a core switch in VSS with FWSM running with multiple contexts.
I need to create 5 new DMZ (interfaces) in FWSM server context
Currently my config shows like below, which includes three "firewall vlan-group" statements, each with a comma-separated list of vlan numbers:
firewall switch 1 module 4 vlan-group 1,2,3
firewall switch 2 module 4 vlan-group 1,2,3
firewall vlan-group 1 2,3,4
firewall vlan-group 2 5,6,7 (vlans for server context)
firewall vlan-group 3 8,9,10
My question is: when I add the 5 new vlans, do I have to simply issue an additional "firewall vlan-group" statement with the five new vlan numbers, like this?
firewall vlan-group 2 30,40,50,60,70 (I need to add vlans in vlan-group 2)
In other words, will the above command overwrite my existing list of vlans in vlan group 2 if I only add the five new vlans in vlan group 2? I obviously don't want to lose connectivity by erasing all my existing vlans.
Or do I have to issue a new statement that includes ALL of the existing vlans and five new vlans, like this?
firewall vlan-group 2 [all previously existing vlans],30,40,50,60,70 (five new vlans)
I want to know, if I typed the above command with the existing vlans and the new vlans, does it cause any issues to the running environment, b/c I think with the above command existing vlans will also be pushed along with new vlans to FWSM again, or is this not the case?