FWSM together switch 6500

Answered Question
Sep 21st, 2009

I am configuring a Cisco 6509 switch with FWSM, but this is a bit confusing to implement. I am following this documentation: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml, however the following configuration did not work. I would like to check if my understanding is correct. The FWSM firewall is like a part not working together with the switch; from what I saw in the configuration of the FWSM example, the conversation with the switch is through a specific VLAN, and not together. Am I correct? If so, why is the configuration incorrect? The settings are below.


switch 6500

interface vlan 10
 ip address 192.168.10.1 255.255.255.0

FWSM

interface vlan 10
 nameif outside
 security-level 0
 ip address 192.168.10.2 255.255.255.0

interface vlan 20
 nameif inside
 security-level 100
 ip address 172.16.10.1 255.255.255.0

interface vlan 30
 nameif dmz
 security-level 60
 ip address 172.16.20.1 255.255.255.224


not create any of the VLANs 10,20 and 30 on the switch 6500.


Regards


Correct Answer
Jon Marshall Tue, 09/22/2009 - 07:51

Ricardo


"not create any of the VLANs 10,20 and 30 on the switch 6500."


All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.


In addition you must have a L3 vlan interface for the outside interface which indeed you have from your config ie. -


switch 6500

interface vlan 10
 ip address 192.168.10.1 255.255.255.0


But you must not have a L3 vlan interface for vlans 10 & 20.


Jon

r-barbosa Wed, 09/23/2009 - 07:55

Hi Jon

My configuration is correct. The error was in the command "nat-control". I'm using routing only, no NAT. I entered the command "no nat-control" and that resolved it.


regards.
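
An added example, not part of the thread and not Cisco's tooling: a small Python audit of the points raised above (FWSM VLANs present at L2, an SVI on the outside VLAN only, and `nat-control` enabled without NAT rules). The sample configs are constructed from the thread's addressing, the `172.16.10.254` SVI is invented for illustration, and the check assumes VLANs appear as `vlan N` lines in the switch config; an SVI on a VLAN behind the firewall is flagged because it lets the switch route around the FWSM.

```python
import re

# Constructed sample configs based on the thread's addressing (not real device output).
SWITCH_CFG = """\
vlan 10
vlan 20
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
interface Vlan20
 ip address 172.16.10.254 255.255.255.0
"""
FWSM_CFG = """\
interface vlan 10
 nameif outside
 security-level 0
interface vlan 20
 nameif inside
 security-level 100
interface vlan 30
 nameif dmz
 security-level 60
nat-control
"""

def fwsm_vlans(cfg):
    """Map VLAN id -> nameif from FWSM 'interface vlan N' stanzas."""
    pairs = re.findall(r"^interface vlan (\d+)\n\s*nameif (\S+)", cfg, re.M | re.I)
    return {int(vlan): name for vlan, name in pairs}

def audit(switch_cfg, fwsm_cfg):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    l2 = {int(v) for v in re.findall(r"^vlan (\d+)\s*$", switch_cfg, re.M)}
    svis = {int(v) for v in re.findall(r"^interface vlan\s*(\d+)", switch_cfg, re.M | re.I)}
    zones = fwsm_vlans(fwsm_cfg)
    for vlan, name in sorted(zones.items()):
        if vlan not in l2:
            findings.append(f"VLAN {vlan} ({name}) missing at L2 on the switch")
        if name != "outside" and vlan in svis:
            findings.append(f"SVI on VLAN {vlan} ({name}) lets the switch route around the FWSM")
    if "outside" in zones.values() and not any(zones.get(v) == "outside" for v in svis):
        findings.append("no SVI on the outside VLAN")
    # With nat-control on, traffic needs a matching NAT rule or it is dropped.
    nat_control = re.search(r"^nat-control\s*$", fwsm_cfg, re.M)
    if nat_control and not re.search(r"^(nat|static) \(", fwsm_cfg, re.M):
        findings.append("nat-control enabled with no nat/static rules")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SWITCH_CFG, FWSM_CFG)) or "no findings")
```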
