Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM and Etherchannelling

Hi,

I have a scenario to install FWSM as a WAN Firewall on WAN-Aggregation VSS. One of the obstacles I have to resolve is keeping the Ether-Channel currently connects WAN-Aggregation to the downstream Core-Switch (another VSS).

The way I see it, setting the FWSM either in Routed mode or Transparent Mode, will slash the existing Layer-3 Etherchannel, because FWSM supports only Interface Vlans, not Port-channel.

Any idea how to connect the two blocks (WAN Aggregation and Core Switch) together after inserting the FWSM and keeping the Etherchannel ?

Thanks

Sam

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: FWSM and Etherchannelling

Sam,

I'm sorry but the FWSM can not pass Etherchannels across them without breaking them down into individual VLANs.  If this Etherchannel is carrying a substantial amount of data, it would not be very effective to pass it through the FWSM anyhow.  The FWSM has a limit of about 1Gbps for any individual flow.  Assuming that whatever approach or encapsulation was taken to get it across the FWSM, you would effectively limit the available bandwidth.

If it is imperative to keep this Etherchannel as it is, you will need to route it around the FWSM.

Hope this helps.

Best Regards,

Kevin

2 REPLIES
Cisco Employee

Re: FWSM and Etherchannelling

Sam,

I'm sorry but the FWSM can not pass Etherchannels across them without breaking them down into individual VLANs.  If this Etherchannel is carrying a substantial amount of data, it would not be very effective to pass it through the FWSM anyhow.  The FWSM has a limit of about 1Gbps for any individual flow.  Assuming that whatever approach or encapsulation was taken to get it across the FWSM, you would effectively limit the available bandwidth.

If it is imperative to keep this Etherchannel as it is, you will need to route it around the FWSM.

Hope this helps.

Best Regards,

Kevin

Community Member

Re: FWSM and Etherchannelling

Thanks Kevin. Appreciate your confirmation and clarification, as well.

351
Views
0
Helpful
2
Replies
CreatePlease to create content