Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM in VSS Conversion

I'm wondering if anyone can tell me if I'm on track with this. First let me say that I don't know the FWSM at all (I know the ASA, but not this module). I am going to be retiring two old 6500 chassis which contain 2 FWSMs running in active / standby and moving them into two new 6500 chassis running VSS.

I have the new VSS up and am staging the FWSM part of the configuration. I don't have spare modules to install so I am entering the configurations with no corresponding modules (VSS seems to be taking the config okay). Here is what I have configured on the VSS 6509E:

svclc switch 1 module 9 vlan-group 1

svclc switch 2 module 9 vlan-group 1

firewall switch 1 module 9 vlan-group 1

firewall switch 2 module 9 vlan-group 1

firewall vlan-group 1 100,200,300,400

I've created an interface VLANs for the inside interface-VLAN 200. All of this is copied from the current configuration (no changes). I understand from the docs that you should only have a single interface (right?).

So with the configuration above, I think I have this finished. Here are my newbie questions:

- On cutover night, can I just pull the FWSMs and install them into slot 9 on each VSS chassis w/o further configuration?

- Will I lose any of the FWSM configuration when I do this? I'll have backup's of the config, but need to know if I should be prepared to apply them right away?

- What else do I not know that might "kill" me on cutover night?



Cisco Employee

Re: FWSM in VSS Conversion

Yes, you can certainly do that. You have taken the necessary precautions. Good luck to you.

I hope the new 6k has the vlans created in the vlan database.

When you say only one interface - do you mean only one SVI?

If so, you can have multiple SVIs but, you just have to be very careful with routing on the switch side or traffic might route around the firewall.

Community Member

Re: FWSM in VSS Conversion

Thanks for your response. Yes, I have created the VLANs in the database (thanks for checking). And yes, I meant only a single SVI.

So it sounds like I'm all good to go on this. Thanks again for your response!


Community Member

Re: FWSM in VSS Conversion

Hi Joe,

Please ensure that your equipment is running the correct software version.

Minimum software version for:

6500 switch - 12.2(33)SXI

FWSM - 4.0.4

CreatePlease to create content