Cisco Support Community

Forwarding loop - FWSM in VSS chassis

We have a bit of an oddity. We have an FWSM in a 6500 VSS stack, and some traffic appears to be forwarded back to the switch.

We have a transit LAN between the VRF on the 6500 and the FWSM. All routing appears correct - the route via the FWSM points to the IP of the FWSM. The ARP entry is correct, but for some entries that should be beyond the firewall, if we do a tracert from the 6500, all responses are the outgoing interface address of the 6500.

I was told the SW was 7.2.1, but that does not appear valid for FWSM!

Some addresses for the target VLAN seem OK!

Has anyone seen similar?

Cisco Employee

Re: Forwarding loop - FWSM in VSS chassis

I am not sure if I follow you. You are saying that when you traceroute you do not see the FWSM as a hop? Well, the firewall never shows itself as a hop. On the ASA there is a way to decrement TTL but not on the FWSM.

If the ARP entry is correct, please check the "sh mac-address-table vlan " and see if the FWSM MAC is seen on the VLANs that it firewalls.

You are correct, there is no FWSM code 7.2.1.

Click on the All new releases will be available "here"

The latest in the 3.1.x train is 3.1.(19)
The latest in the 4.0 train is 4.0.13
The latest in the 3.2 train is 3.2.(19)
The latest in the 4.1 train is 4.1(3)
ASDM is asdm-62(1)f.bin