Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

6500 "firewall vlan-group" VS. "svclc vlan-group"

I am trying to find out if there is a difference between the "firewall vlan-group" command and the "svclc vlan-group" command. I have found docs on CCO that imply that you use the "firewall vlan-group" command to assign VLANs to an FWSM but you use "svclc vlan-group" to assign them to an ACE. I have other docs (like an FWSM/ACE design guide) that actually use the "svclc vlan-group" command for both. I built what is currently a tier 1 production architecture using 3 different svclc groups. One for the FWSM only One for the ACE only, and one for VLANs shared between the two modules. It is working fine and I have had no issues whatsoever. The interesting thing is, over the past 6 months or so, on various TAC cases and SE discusssions, I've been told both that I am wrong for not using the "firewall vlan-group" command and that I'm not wrong. I can't find anything (or anyone) that can help me understand if there is actually some kind of difference between the commands. Just opinions. Does anyone have any insight into this?


Re: 6500 "firewall vlan-group" VS. "svclc vlan-group"

Firewall vlan-group command is used for assign VLANs to a firewall group

But to assign VLANs to a group using Cisco IOS software on the supervisor engine, use the svclc vlan-group command.

CreatePlease to create content