Cisco Support Community

Adding new vlans in FWSM firewall vlan-group command

Dear Team

We have a core switch in VSS with FWSM running with multiple contexts.

I need to create 5 new DMZs (interfaces) in the FWSM server context.

Currently my config looks like the below, which includes three "firewall vlan-group" statements, each with a comma-separated list of vlan numbers:

firewall switch 1 module 4 vlan-group 1,2,3
firewall switch 2 module 4 vlan-group 1,2,3

firewall vlan-group 1  2,3,4
firewall vlan-group 2  5,6,7  (vlans for server context)
firewall vlan-group 3  8,9,10


My question is:  when I add the 5 new vlans, do I have to simply issue an additional "firewall vlan-group" statement with the five new vlan numbers, like this?

firewall vlan-group 2 30,40,50,60,70  (I need to add vlans in vlan-group 2)

In other words, will the above command overwrite my existing list of vlans in vlan group 2 if I only add the five new vlans in vlan group 2? I obviously don't want to lose connectivity by erasing all my existing vlans.

Or do I have to issue a new statement that includes ALL of the existing vlans and five new vlans, like this?

firewall vlan-group 2 [all previously existing vlans],30,40,50,60,70 (five new vlans)

I want to know: if I type the above command with the existing vlans and the new vlans, does it cause any issues to the running environment? I think that with the above command the existing vlans will also be pushed to the FWSM again along with the new vlans, or is this not the case?
