Add vlan in FWSM

rc.castillo · ‎10-07-2009

hi,

Newbie question here. how can i add a vlan to a fwsm module. What are the steps i should do? And also, can i directly assign the vlan i add to fwsm directly to a switchport (i.e. access switch)

thanks.

Jon Marshall · ‎10-07-2009

Roselyn

It depends on whether you already have vlans assigned to the firewall or not. If you do then simply add the vlan you want to assign ie.

firewall vlan-group 20 11,12,16 <-- the vlan you added was 16, and firewall vlan-group 20 already existed in the 6500 config with vlans 11,12 already assigned.

If you haven't assigned any yet then you need an additional step ie.

firewall vlan-group 20 16

firewall module 7 vlan-group 20

where 7 in the firewall module command is the slot the FWSM is in in your 6500 chassis. See this link for full details -

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/switch_f.html#wp1175820

"And also, can i directly assign the vlan i add to fwsm directly to a switchport (i.e. access switch)"

Yes you can ie. you have a vlan you want to firewall. You assign it to the firewall as above, configure the FWSM and then allocate the switchports of the devices you want to firewall to that vlan.

Jon