I inherited a fairly large network. Dual 6513s with single FWSMs. When I log into the switch we have 8 VLANs configured. I am really confused on how to get started. What I think needs to be done is first the VLAN is created on the switch. Then using the firewall vlan group command I would add this new VLAN. Then it will magically show up in the FWSM?
Reading the following article: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml
It only adds one VLAN to the MSFC, VLAN 20. And then it configures the rest of the VLANs on the FWSM? This is backwards of the way mine looks to be configured. Also, all of my VLANs on the MSFC are shutdown. That part is weird too.
From what I read, you can configure it this way but it lists a security disclaimer when doing this.
For security reasons, by default, only one SVI can exist between the MSFC and the FWSM. For example, if you misconfigure the system with multiple SVIs, you can accidentally allow traffic to pass around the FWSM if you assign both the inside and outside VLANs to the MSFC.
This post is probably more confusing than it's worth. But if someone could give me some insight into adding a VLAN into this env that would be great.
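
An added example, not part of the original post: a Python check for the condition the quoted Cisco warning describes, listing VLANs that are assigned to the FWSM through a `firewall vlan-group` and also have an SVI on the MSFC that is not shut down. The sample configuration, the module slot number and the "more than one active shared SVI" heuristic are assumptions constructed for illustration.

```python
import re

# Constructed sample of a Catalyst 6500 running-config (not from the post).
SAMPLE_CONFIG = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1
firewall vlan-group 1 20,30-32,40
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 shutdown
!
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
"""

def expand_vlans(spec):
    """Expand a list such as '20,30-32' into {20, 30, 31, 32}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Report FWSM VLANs that also have an administratively up SVI."""
    groups, attached, svis = {}, set(), {}   # group->VLANs, bound groups, SVI->up?
    multi, current = False, None
    for line in config.splitlines():
        if m := re.match(r"firewall vlan-group (\d+)\s+(\S+)", line):
            groups.setdefault(int(m[1]), set()).update(expand_vlans(m[2]))
        elif m := re.match(r"firewall module \d+ vlan-group (\S+)", line):
            attached |= expand_vlans(m[1])
        elif line.startswith("firewall multiple-vlan-interfaces"):
            multi = True                      # default one-SVI limit is lifted
        elif m := re.match(r"interface Vlan(\d+)\s*$", line):
            current = int(m[1])
            svis[current] = True              # up unless 'shutdown' follows
        elif not line.startswith(" "):
            current = None                    # left the interface stanza
        elif current is not None and line.strip() == "shutdown":
            svis[current] = False
    fw_vlans = set().union(*(groups[g] for g in attached if g in groups))
    shared = sorted(v for v, up in svis.items() if up and v in fw_vlans)
    return {"fwsm_vlans": sorted(fw_vlans), "active_shared_svis": shared,
            "multiple_svi_enabled": multi, "bypass_risk": len(shared) > 1}
```

Run it against the output of `show running-config` from the switch; any VLAN in `active_shared_svis` is one the MSFC can route directly as well as the FWSM.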