12-24-2008 09:21 AM - edited 03-06-2019 03:08 AM
Its a cross posting
Hi,
Can anybody help me again please.
I have 2 switches in the backbone. 6509E with FWSM, IDS, Flex wan module. I will connect all my edge swithces, 15 Numbers (600+ Nodes) to the 6724 SFP module on MM Fiber. Edge switches 3560G sereies will act as a L2 switch only. All Layer 3 Vlan will be created on the core switch (6509E). I have around 20 servers which I will connect to the same switch on WS-X6148A module, 100/1000mb 48 port . The servers will be in a single Vlan (SERVER VLAN) and all the nodes will be in another VLAN (USER VLAN). As per the design server vlan will connect to the Firewall (FWSM) on inside interface, users will connect to another dmz interface and outside will connect to the Router, which is the Flex-WAN Module in the same 6509E Switch on say slot 3.
I want to know about this connection only. How it will be connected? will it be a physical connection? I will make one interface as the memebr of the outside vlan and connect to the flex wan physically ??
Aprecaite your earlier reply please.
regards
Jacob
12-24-2008 09:33 AM
Hello Jacob,
there is something unclear.
Flexwan is used to install up to two Port Adapters for wan links like 8E1 or DS3 or STM-1.
The PA are the ones supported in C7200 and the C7500 series.
At least when flexwan was introduced the LAN PAs were the only ones not supported
For example we have it on two C6500 and they host each a 2T3+ PA and 1 8E1 PA.
2 0 2 port adapter FlexWAN WS-X6182-2PA SAD074804X9
RT-RM-TLD066-RG-MAN-E-1#sh ip int br | inc 2/
Serial2/0/0 172.24.128.213 YES manual up up
Serial2/0/1 unassigned YES manual administratively down down
Serial2/1/0 10.64.131.13 YES NVRAM up up
Serial2/1/1 10.110.0.17 YES NVRAM up up
Serial2/1/2 unassigned YES NVRAM administratively down down
Serial2/1/3 unassigned YES NVRAM administratively down down
RT-RM-TLD066-RG-MAN-E-1#
so the flex-wan can be used but to connect to a wan link not in a vlan context
Hope to help
Giuseppe
12-24-2008 11:39 AM
Hi Guiseppe,
thanks for the input. Now getting little clear (sorry this is the first time for me to work on the Flex WAN).
I have 2 PA for the module, PA-2FE-FX, PA-4T+. As you mentioned these are facing to WAN side. How I will route my traffic from the LAN Core Switch (6509E)to the Router (6509E - Flex WAN) module on the same switch.
If you can provide me any document which can give some basic understanding about the module.. it will really help me..
regards
Jacob
12-24-2008 09:39 PM
12-25-2008 02:45 AM
HI All
Is still my question is not clear.
Can any one plz have a look on this.
I am in need of a help very urgently please.
12-25-2008 09:03 AM
Hello Jacob,
I think you connect the wan link on one of the T ports of the PA installed in the flexwan.
the configuration is really similar to routers
it can be something like
controller t1 3/1/0
channel-group 0 unframed
int ser3/1/0:0
enc ppp
ip address wan.ip.address
and yes the LAN part can be done all on the MSFC and on the FWSM.
for reference see
it confirms that only enhanced flexwan support lan PA.
PA 4T+ is supported
use the following for PA 4T+
Hope to help
Giuseppe
ip address
12-26-2008 02:04 AM
Hi Guisee,
Merry Xmas, i am sorry missed to wish you the same yesterday.
Guisee thanks for the infomration, as of now the WAN link is LL terminated on a 2600 router on serial int, but may be after the new phase completion will change from serial to 6Mb Link on Ethernet / Fiber on 6500. That is the plan behind the PA-2FE-FX module on the Flex. It is not clear till now.
Guisee i have another question which is related to FWSM. I would like to run the fwsm on Transparent mode. i have one vlan for servers (prefer to be the inside interface), another vlan for users, and the out side will be connecting to WAN (Flex). I have some idea about running FWSM on Routed mode but how we can do it in Transparent mode.
I was going through the docs but geting little confused with my scenario. In my scenarion do i have to run 2 bridge group?
Can you plz just give me a little briefing about this please.
regards
Jacob
12-26-2008 02:57 AM
Hello Jacob,
merry chrismas to you too.
first note:
I wouldn't use the PA FE if your module is a simple flexwan because is not supported on it (only second version of flexwan supports lan PAs) and I don't see any reason to use it on a C6500 with plenty of GE ports.
second note:
unfortunately, I have experience only with FWSM in routed mode that we have in our customer network.
Some collegue has started to use a FWSM transparent context with VRFs.
This was required to pass multicast traffic
see
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fwmode_f.html#wp1219032
bridge-groups can be used what is very important is that without an ACL that permit traffic ip traffic is denied
A transparent context has only two interfaces an inside and an outside.
up to 8 bridge-groups each using a pair of interfaces can be defined.
if you need three interfaces you probably should use a routed context.
Hope to help
Giuseppe
12-26-2008 03:15 AM
Thanks for the information Giusee.
My Flexwan moduel is -
WS-X6582-2PA -Enhanced Fabric-enabled FlexWAN
i think it will support, otherwise it could give me the error while i do the configuration through Cisco Configurator Tool right? Could you plz chk again whether it will support or not. Thanks.
Second-
I am thinking in the same direction now, may be i have to use it on routed mode. I have implemented FWSM in routed mode once, but in a very basic way with single context, inside and outside interface only, so i am not having a wide knowledge on that.
I have few questiones more please -
Like in ASA, can we create a dedicated Management interface on FWSM also?
or
How can we make a management vlan for fwsm in routed mode?
thanks in advance
regards
Jacob
12-26-2008 04:07 AM
Hello Jacob,
1)yes the enhanced flewxwwan supports LAN PAs.
2) in routed mode you can have as many interfaces as needed both in single context or in a routed context in multicontext mode.
(up to 256 in single-context, 1000 in multi-context this depends from license and activation key)
It is probably your choice to designate a management Vlan interface on the FSWM.
Hope to help
Giuseppe
12-26-2008 04:33 AM
Thanks a lot Guisee... i may requier your valuable input at the time when i do the Implementation.
I will get back to you later.. thanks : )
Regards
Jacobs
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide