Forwarding loop - FWSM in VSS chassis

paul.matthews
Level 5

We have a bit of an oddity. We have an FWSM in a 6500 VSS stack, and some traffic appears to be forwarded back to the switch.

We have a transit LAN between the VRF on the 6500 and the FWSM. All routing appears correct - the route via the FWSM points to the IP of the FWSM. The ARP entry is correct, but for some entries that should be beyond the firewall, if we do a tracert from the 6500, all responses are the outgoing interface address of the 6500.

I was told the SW was 7.2.1., but that does not appear valid for FWSM!

Some addresses for the target VLAN seem OK!

Has anyone seen similar?


Kureli Sankar
Cisco Employee

I am not sure if I follow you. You are saying that when you traceroute you do not see the FWSM as a hop? Well, the firewall never shows itself as a hop. On the ASA there is a way to decrement TTL, but not on the FWSM.

If the ARP entry is correct, please check the "sh mac-address-table vlan " and see if the FWSM MAC is seen on the VLANs that it firewalls.

You are correct, there is no FWSM code 7.2.1.

http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm

Click on the All new releases will be available "here"

The latest in the 3.1.x train is 3.1.(19)
The latest in the 4.0 train is 4.0.13
The latest in the 3.2 train is 3.2.(19)
The latest in the 4.1 train is 4.1(3)
ASDM is asdm-62(1)f.bin

-KS
