I have a scenario to install FWSM as a WAN Firewall on WAN-Aggregation VSS. One of the obstacles I have to resolve is keeping the Ether-Channel currently connects WAN-Aggregation to the downstream Core-Switch (another VSS).
The way I see it, setting the FWSM either in Routed mode or Transparent Mode, will slash the existing Layer-3 Etherchannel, because FWSM supports only Interface Vlans, not Port-channel.
Any idea how to connect the two blocks (WAN Aggregation and Core Switch) together after inserting the FWSM and keeping the Etherchannel ?
I'm sorry but the FWSM can not pass Etherchannels across them without breaking them down into individual VLANs. If this Etherchannel is carrying a substantial amount of data, it would not be very effective to pass it through the FWSM anyhow. The FWSM has a limit of about 1Gbps for any individual flow. Assuming that whatever approach or encapsulation was taken to get it across the FWSM, you would effectively limit the available bandwidth.
If it is imperative to keep this Etherchannel as it is, you will need to route it around the FWSM.
Hope this helps.