Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

fwsm disgining issue

Hi all,

One of my client recently purchased two FWSM modules and placed it on the 6509E switch. The switch is already in production. The traffic is not yet diverted to the modules. My clients requirement is he want 10 G throghput. The switch is already having 100 vlans and he wants to put only 5 vlans on inside and remaining vlan should be on outside. I am totally new to FWSM and no idea about how to design this requirement. Anyone please help How can I design and plan this implementation. Your help is really appreciable.

Thank you...

Rgds

R.MADHANKUMAR

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: fwsm disgining issue

I meant to have

5vlans---FWSM---newvlan----switch SVI--------95vlans on the switch.

You might need to make SVIs and routing changes on the switch depending on the setup.

Please rate helpful posts.

PK

5 REPLIES
Cisco Employee

Re: fwsm disgining issue

The FWSM can do maximum 5.5Gbps. Real world traffic it can do less than that.

Your best bet would be to use both FWSMs. I would make sure I split the traffic between the 2 and put vlans behind it so that the traffic that flows through it is not more that 4-5Gbps.

Here is a logical diagram

     up to 4-5Gbps

vlans----FWSM1-----

                            | ----outside

vlans----FWSM2-----

     up to 4-5Gbps

I hope it helps.

PK

New Member

Re: fwsm disgining issue

Hi Pk,

Thanks for your reply. As per your idea I will split the traffic and place the vlans. I have 100 vlans running at switch and I want to place only 5 vlans inside and remaining vlans should be outside. Is it possible?. If it is possible I have to create all inerface vlans at FWSM like 5 vlans are inside and the reamining vlans are outside and route the traffic to the outside vlans?. Expecting your valuable suggestions. There is no internet in this site and it is a intranet kind of setup.

Cisco Employee

Re: fwsm disgining issue

You can of course push all the vlans on the FWSM and have the FWSM firewall the outside vlans and the 5 other vlans.

You can also put the 5 vlans behind the FWSM/s and have the outside being a new SVI on the switch and then the switch routing to all the other vlans. That can be done also. So you don't need to push all the vlans to the FWSM/s.

I hope it makes sense.

PK

New Member

Re: fwsm disgining issue

Hi PK,

Would you please little bit elaborate. I am just confused to place vlans on the module. If I create all 95 interface vlans as outside interfaces then it seems a big task to route all inside vlan traffic to outside vlans.

Cisco Employee

Re: fwsm disgining issue

I meant to have

5vlans---FWSM---newvlan----switch SVI--------95vlans on the switch.

You might need to make SVIs and routing changes on the switch depending on the setup.

Please rate helpful posts.

PK

322
Views
0
Helpful
5
Replies