how to configure flex-wan module in 6500 switch

Unanswered Question
Dec 24th, 2008

Its a cross posting

Hi,

Can anybody help me again please.

I have 2 switches in the backbone. 6509E with FWSM, IDS, Flex wan module. I will connect all my edge swithces, 15 Numbers (600+ Nodes) to the 6724 SFP module on MM Fiber. Edge switches 3560G sereies will act as a L2 switch only. All Layer 3 Vlan will be created on the core switch (6509E). I have around 20 servers which I will connect to the same switch on WS-X6148A module, 100/1000mb 48 port . The servers will be in a single Vlan (SERVER VLAN) and all the nodes will be in another VLAN (USER VLAN). As per the design server vlan will connect to the Firewall (FWSM) on inside interface, users will connect to another dmz interface and outside will connect to the Router, which is the Flex-WAN Module in the same 6509E Switch on say slot 3.

I want to know about this connection only. How it will be connected? will it be a physical connection? I will make one interface as the memebr of the outside vlan and connect to the flex wan physically ??

Aprecaite your earlier reply please.

regards

Jacob

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Giuseppe Larosa Wed, 12/24/2008 - 09:33

Hello Jacob,

there is something unclear.

Flexwan is used to install up to two Port Adapters for wan links like 8E1 or DS3 or STM-1.

The PA are the ones supported in C7200 and the C7500 series.

At least when flexwan was introduced the LAN PAs were the only ones not supported

For example we have it on two C6500 and they host each a 2T3+ PA and 1 8E1 PA.

2 0 2 port adapter FlexWAN WS-X6182-2PA SAD074804X9

RT-RM-TLD066-RG-MAN-E-1#sh ip int br | inc 2/

Serial2/0/0 172.24.128.213 YES manual up up

Serial2/0/1 unassigned YES manual administratively down down

Serial2/1/0 10.64.131.13 YES NVRAM up up

Serial2/1/1 10.110.0.17 YES NVRAM up up

Serial2/1/2 unassigned YES NVRAM administratively down down

Serial2/1/3 unassigned YES NVRAM administratively down down

RT-RM-TLD066-RG-MAN-E-1#

so the flex-wan can be used but to connect to a wan link not in a vlan context

Hope to help

Giuseppe

Jacob Samuel Wed, 12/24/2008 - 11:39

Hi Guiseppe,

thanks for the input. Now getting little clear (sorry this is the first time for me to work on the Flex WAN).

I have 2 PA for the module, PA-2FE-FX, PA-4T+. As you mentioned these are facing to WAN side. How I will route my traffic from the LAN Core Switch (6509E)to the Router (6509E - Flex WAN) module on the same switch.

If you can provide me any document which can give some basic understanding about the module.. it will really help me..

regards

Jacob

Attachment: 
Jacob Samuel Wed, 12/24/2008 - 21:39

HI All

It seems my question is not clear and it is tooo simple.

please see the jpg file attached. How i will connect to LAN. It is in the MSFC only??

regards

Jacob

Attachment: 
Jacob Samuel Thu, 12/25/2008 - 02:45

HI All

Is still my question is not clear.

Can any one plz have a look on this.

I am in need of a help very urgently please.

Giuseppe Larosa Thu, 12/25/2008 - 09:03

Hello Jacob,

I think you connect the wan link on one of the T ports of the PA installed in the flexwan.

the configuration is really similar to routers

it can be something like

controller t1 3/1/0

channel-group 0 unframed

int ser3/1/0:0

enc ppp

ip address wan.ip.address

and yes the LAN part can be done all on the MSFC and on the FWSM.

for reference see

http://www.cisco.com/en/US/docs/routers/7600/Hardware/Hardware_Guides/7600_Series_Router_Module_Guide/04flxwan.html

it confirms that only enhanced flexwan support lan PA.

PA 4T+ is supported

use the following for PA 4T+

http://www.cisco.com/en/US/docs/interfaces_modules/port_adapters/install_upgrade/serial/pa-4t+_sync_serial_install_config/3561pref.html

http://www.cisco.com/en/US/docs/interfaces_modules/port_adapters/install_upgrade/serial/pa-4t+_sync_serial_install_config/3561conf.html#wp1024936

Hope to help

Giuseppe

ip address

Jacob Samuel Fri, 12/26/2008 - 02:04

Hi Guisee,

Merry Xmas, i am sorry missed to wish you the same yesterday.

Guisee thanks for the infomration, as of now the WAN link is LL terminated on a 2600 router on serial int, but may be after the new phase completion will change from serial to 6Mb Link on Ethernet / Fiber on 6500. That is the plan behind the PA-2FE-FX module on the Flex. It is not clear till now.

Guisee i have another question which is related to FWSM. I would like to run the fwsm on Transparent mode. i have one vlan for servers (prefer to be the inside interface), another vlan for users, and the out side will be connecting to WAN (Flex). I have some idea about running FWSM on Routed mode but how we can do it in Transparent mode.

I was going through the docs but geting little confused with my scenario. In my scenarion do i have to run 2 bridge group?

Can you plz just give me a little briefing about this please.

regards

Jacob

Giuseppe Larosa Fri, 12/26/2008 - 02:57

Hello Jacob,

merry chrismas to you too.

first note:

I wouldn't use the PA FE if your module is a simple flexwan because is not supported on it (only second version of flexwan supports lan PAs) and I don't see any reason to use it on a C6500 with plenty of GE ports.

second note:

unfortunately, I have experience only with FWSM in routed mode that we have in our customer network.

Some collegue has started to use a FWSM transparent context with VRFs.

This was required to pass multicast traffic

see

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fwmode_f.html#wp1219032

bridge-groups can be used what is very important is that without an ACL that permit traffic ip traffic is denied

A transparent context has only two interfaces an inside and an outside.

up to 8 bridge-groups each using a pair of interfaces can be defined.

if you need three interfaces you probably should use a routed context.

Hope to help

Giuseppe

Jacob Samuel Fri, 12/26/2008 - 03:15

Thanks for the information Giusee.

My Flexwan moduel is -

WS-X6582-2PA -Enhanced Fabric-enabled FlexWAN

i think it will support, otherwise it could give me the error while i do the configuration through Cisco Configurator Tool right? Could you plz chk again whether it will support or not. Thanks.

Second-

I am thinking in the same direction now, may be i have to use it on routed mode. I have implemented FWSM in routed mode once, but in a very basic way with single context, inside and outside interface only, so i am not having a wide knowledge on that.

I have few questiones more please -

Like in ASA, can we create a dedicated Management interface on FWSM also?

or

How can we make a management vlan for fwsm in routed mode?

thanks in advance

regards

Jacob

Giuseppe Larosa Fri, 12/26/2008 - 04:07

Hello Jacob,

1)yes the enhanced flewxwwan supports LAN PAs.

2) in routed mode you can have as many interfaces as needed both in single context or in a routed context in multicontext mode.

(up to 256 in single-context, 1000 in multi-context this depends from license and activation key)

It is probably your choice to designate a management Vlan interface on the FSWM.

Hope to help

Giuseppe

Jacob Samuel Fri, 12/26/2008 - 04:33

Thanks a lot Guisee... i may requier your valuable input at the time when i do the Implementation.

I will get back to you later.. thanks : )

Regards

Jacobs

Actions

This Discussion