FWSM designing issue

Answered Question
Oct 1st, 2010

Hi all,


One of my clients recently purchased two FWSM modules and placed them in the 6509E switch. The switch is already in production. The traffic is not yet diverted to the modules. My client's requirement is that he wants 10 G throughput. The switch already has 100 vlans and he wants to put only 5 vlans on the inside, and the remaining vlans should be on the outside. I am totally new to FWSM and have no idea how to design for this requirement. Can anyone please help? How can I design and plan this implementation? Your help is really appreciated.


Thank you...


Rgds


R.MADHANKUMAR

Panos Kampanakis (Cisco Employee) Fri, 10/01/2010 - 09:29

The FWSM can do a maximum of 5.5Gbps. With real-world traffic it can do less than that.


Your best bet would be to use both FWSMs. I would make sure I split the traffic between the 2 and put vlans behind them so that the traffic that flows through each is not more than 4-5Gbps.


Here is a logical diagram



          up to 4-5Gbps
vlans----FWSM1-----
                   | ----outside
vlans----FWSM2-----
          up to 4-5Gbps


I hope it helps.


PK

Madhan Kumar Fri, 10/01/2010 - 10:25

Hi Pk,


Thanks for your reply. As per your idea I will split the traffic and place the vlans. I have 100 vlans running on the switch and I want to place only 5 vlans inside, and the remaining vlans should be outside. Is it possible? If it is possible, do I have to create all the interface vlans on the FWSM, with 5 vlans inside and the remaining vlans outside, and route the traffic to the outside vlans? Expecting your valuable suggestions. There is no internet at this site and it is an intranet kind of setup.

Panos Kampanakis (Cisco Employee) Fri, 10/01/2010 - 10:37

You can of course push all the vlans on the FWSM and have the FWSM firewall the outside vlans and the 5 other vlans.


You can also put the 5 vlans behind the FWSM/s and have the outside being a new SVI on the switch and then the switch routing to all the other vlans. That can be done also. So you don't need to push all the vlans to the FWSM/s.


I hope it makes sense.


PK

Madhan Kumar Fri, 10/01/2010 - 10:49

Hi PK,


Would you please elaborate a little bit? I am just confused about how to place vlans on the module. If I create all 95 interface vlans as outside interfaces then it seems a big task to route all inside vlan traffic to the outside vlans.

Correct Answer
Panos Kampanakis (Cisco Employee) Fri, 10/01/2010 - 11:12

I meant to have


5vlans---FWSM---newvlan----switch SVI--------95vlans on the switch.


You might need to make SVIs and routing changes on the switch depending on the setup.


Please rate helpful posts.


PK
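
The layout from the accepted answer, written out as an added configuration sketch (not posted by anyone in this thread): five protected vlans behind one FWSM, one new transit vlan as its outside, and the switch SVI routing to the other 95 vlans. The slot number, vlan IDs, interface names and addresses are all constructed, and routed single-context mode is assumed.

```cisco
! ---------- Catalyst 6509E supervisor (IOS) ----------
! Constructed values: FWSM in slot 4, protected vlans 10-14, transit vlan 900.
vlan 10-14,900
!
! Hand the five protected vlans and the transit vlan to the module.
firewall vlan-group 1 10-14,900
firewall module 4 vlan-group 1
!
! Only the transit vlan has an SVI on the switch. Vlans 10-14 must NOT
! have an SVI here, or the switch routes between them and the other
! 95 vlans directly and the traffic never crosses the FWSM.
no interface Vlan10
no interface Vlan11
no interface Vlan12
no interface Vlan13
no interface Vlan14
!
interface Vlan900
 description Transit to FWSM outside
 ip address 10.255.0.1 255.255.255.252
 no shutdown
!
! The existing SVIs for the other 95 vlans stay as they are.
! Reach the protected subnets (10.10.10.0/24 to 10.10.14.0/24) via the FWSM.
ip route 10.10.8.0 255.255.248.0 10.255.0.2
!
! ---------- FWSM (routed mode assumed) ----------
interface Vlan900
 nameif outside
 security-level 0
 ip address 10.255.0.2 255.255.255.252
!
interface Vlan10
 nameif inside10
 security-level 100
 ip address 10.10.10.1 255.255.255.0
! Vlan11 to Vlan14 repeat the Vlan10 stanza, each with its own
! nameif and subnet; hosts use the FWSM address as default gateway.
!
! Everything that is not a protected subnet is reached via the switch SVI.
route outside 0.0.0.0 0.0.0.0 10.255.0.1
!
! Access lists permitting the required flows are not shown.
```

To follow the earlier advice about splitting load, the same pattern would be repeated on the second module with its own vlan-group and transit vlan.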
