Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

FWSM before or after MSFC?


I have a query.

I am using a 6500 with FWSM. I need to separate an internal server/HQ network from 3 or 4 different external connections. The external networks do not necessarily need to be isolated from each other.

I have the option of using a 3 layer model: L2 Access layer to SVIs on the Distribution layer and then L3 to the 6500.


L2 Access, connecting directly to the 6500s, with the SVIs on the FWSM.

Is it better to have the FWSM outside the MSFC or Inside?

Am i correct in thinking that "inside" vs "outside" is determined by whether the SVI's are configured on the FWSM or the MSFC?       

is there any performance impact from having the FWSM doing the routing instead of the MSFC.

If the vlans are all configured on the FWSM, what is the 6500 doing, other than providing switchports?

Thanks for your help. I find FWSM too confusing..


Everyone's tags (3)
Cisco Employee

FWSM before or after MSFC?


This engineer's view.

Think performance.

FWSM is an older platform with limited hardware comparing to today's networks' needs.

If you're going to push max of 1-2gb/s traffic without burts you might be OK with FWSM doing routing.

If traffic is bursty or you require more throughput between your internal vlans, well you should consider.

You can also go multicontext and make a hybrid design. ;-)