Cisco Support Community
Community Member

FWSM & vlan1

Just installed the FWSM in our 6513. Was reading on its configuration. It states under assigning VLANs to the FWSM, under VLAN guidelines, that you cannot use VLAN 1. We do use VLAN 1.

To change away from VLAN 1 would require a lot of changes on our campus edge switches. By default all switch ports were in VLAN 1 when our LAN was first setup.

What is the issue with VLAN 1 and is there nothing I can do other than start the process of moving away from using VLAN 1?

Craig

3 REPLIES

Re: FWSM & vlan1

Hi Craig,

Unfortunately, as you noted, it is impossible to push VLAN 1 down to the FWSM.

Aside from redesigning your network to not use VLAN 1, you can try creating another SVI and routing your traffic through the MSFC before being sent down to the FWSM. So, the packet's path might look something like this:

VLAN1---MSFC---VLAN2---FWSM---VLAN100---Internet

With this workaround, you can push VLAN2 and VLAN100 down to the FWSM and still keep your hosts on VLAN1.

Hope that helps.

-Mike
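The two-hop path Mike describes, written out as an added example configuration (this is not from the thread or from Cisco documentation). The FWSM slot number (5), the addresses (10.1.1.0/24 on VLAN 1, 10.1.2.0/24 on the MSFC-to-FWSM VLAN 2, 203.0.113.0/24 on VLAN 100 toward the Internet) and the VLAN names are assumptions; NAT is omitted. The syntax is the FWSM 3.x-era form of the supervisor and FWSM commands.

```cisco
! --- Supervisor / MSFC (IOS) --- assumed slot 5, assumed addresses
vlan 2
 name fwsm-inside
vlan 100
 name fwsm-outside
!
! Only VLANs 2 and 100 are handed to the FWSM; VLAN 1 stays on the MSFC
firewall vlan-group 1 2,100
firewall module 5 vlan-group 1
!
interface Vlan1
 description user LAN (stays off the FWSM)
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan2
 description hand-off to the FWSM inside interface
 ip address 10.1.2.1 255.255.255.0
!
! Everything that is not directly connected is sent to the FWSM
ip route 0.0.0.0 0.0.0.0 10.1.2.2

! --- FWSM (routed mode, single context) ---
interface Vlan2
 nameif inside
 security-level 100
 ip address 10.1.2.2 255.255.255.0
!
interface Vlan100
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! Return route for the VLAN 1 subnet that sits one hop back behind the MSFC
route inside 10.1.1.0 255.255.255.0 10.1.2.1
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Unlike the PIX/ASA, the FWSM has no implicit higher-to-lower permit, so
! outbound traffic needs an explicit ACL; allow only the VLAN 1 subnet out
access-list inside_out extended permit ip 10.1.1.0 255.255.255.0 any
access-list inside_out extended deny ip any any
access-group inside_out in interface inside
```

`show firewall vlan-group` and `show firewall module` on the supervisor confirm which VLANs reached the module. The point to keep in mind with this design is that the MSFC, not the FWSM, is now the first-hop router for VLAN 1: any other SVI the MSFC carries on the inside can reach VLAN 1 directly without ever crossing the firewall, so the inside side of the MSFC should carry only VLAN 1, VLAN 2 and the default route toward 10.1.2.2, or the workaround leaves a path around the FWSM.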

Community Member

Re: FWSM & vlan1

Thanks for the workaround. So what is the issue with VLAN 1?

Craig

Re: FWSM & vlan1

Hi Craig,

I believe the reason for this is simply the enforcement of a best practice. It is assumed that VLAN1 will be used for management traffic only and not need to be firewalled. It is a best practice to move your production traffic into VLANs other than VLAN1 (though certainly not a requirement as you have seen in your case).

-Mike

140 Views | 0 Helpful | 3 Replies