FWSM together switch 6500

Answered Question
Sep 21st, 2009

I am configuring a Cisco 6509 switch with FWSM, but this is a bit confusing to implement. I am following this documentation: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml, however, following that configuration did not work. I would like to check if my understanding is correct. The FWSM firewall is like a part not working together with the switch; from what I saw in the FWSM configuration example, it talks to the switch through a specific VLAN, and not together, am I correct? If so created because the configuration is incorrect? The next setting below.

switch 6500

interface vlan 10
 ip address 192.168.10.1 255.255.255.0

FWSM

interface vlan 10
 nameif outside
 security-level 0
 ip address 192.168.10.2 255.255.255.0

interface vlan 20
 nameif inside
 security-level 100
 ip address 172.16.10.1 255.255.255.0

interface vlan 30
 nameif dmz
 security-level 60
 ip address 172.16.20.1 255.255.255.224

not create any of the VLANs 10,20 and 30 on the switch 6500.

Regards

Correct Answer by Jon Marshall about 7 years 2 months ago

Ricardo

"not create any of the VLANs 10,20 and 30 on the switch 6500."

All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.

In addition you must have a L3 vlan interface for the outside interface which indeed you have from your config ie. -

switch 6500

interface vlan 10
 ip address 192.168.10.1 255.255.255.0

But you must not have a L3 vlan interface for vlans 10 & 20.

Jon

Jon Marshall Tue, 09/22/2009 - 07:51


r-barbosa Wed, 09/23/2009 - 07:55

Hi Jon

My configuration is correct. The error was in the command "nat-control". I'm using routing only, no NAT. I entered the command "no nat-control" and it was resolved.

regards.
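
An added example, not from the thread or from Cisco's documentation: a small Python check for the points raised above (FWSM VLANs must exist at L2 on the 6500, the outside VLAN needs an SVI, and "nat-control" with no NAT rules configured). It assumes plain-text configs in the style posted above and that the SVI restriction applies to the non-outside FWSM VLANs; the function names and sample configs are constructed for illustration.

```python
import re

def vlan_set(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(switch_cfg, fwsm_cfg):
    """Return findings for a 6500 switch config paired with an FWSM config."""
    l2 = set()
    for m in re.finditer(r"^vlan ([\d,\- ]+)$", switch_cfg, re.M | re.I):
        l2 |= vlan_set(m.group(1))
    svis = {int(v) for v in
            re.findall(r"^interface vlan ?(\d+)", switch_cfg, re.M | re.I)}
    findings = []
    # Each FWSM interface block: header line, then indented sub-commands.
    blocks = re.finditer(r"^interface vlan ?(\d+)\n((?:[ \t]+.*\n?)*)",
                         fwsm_cfg, re.M | re.I)
    for m in blocks:
        vlan, name = int(m.group(1)), re.search(r"nameif (\S+)", m.group(2))
        if not name:
            continue
        name = name.group(1)
        if vlan not in l2:
            findings.append(f"VLAN {vlan} ({name}) missing at L2 on the switch")
        if name == "outside" and vlan not in svis:
            findings.append(f"VLAN {vlan} (outside) has no SVI on the switch")
        if name != "outside" and vlan in svis:
            findings.append(f"VLAN {vlan} ({name}) has an SVI on the switch")
    has_rules = re.search(r"^(nat|static|global) \(", fwsm_cfg, re.M)
    if re.search(r"^nat-control$", fwsm_cfg, re.M) and not has_rules:
        findings.append("nat-control is on but no nat/static/global rules exist")
    return findings

# Constructed sample configs modelled on the thread (not captured output).
FWSM = """interface vlan 10
 nameif outside
interface vlan 20
 nameif inside
interface vlan 30
 nameif dmz
nat-control
"""
SWITCH = "interface vlan 10\n ip address 192.168.10.1 255.255.255.0\n"

if __name__ == "__main__":
    for line in audit(SWITCH, FWSM):
        print(line)
```
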
