Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Bronze

How to offload routing from FWSM in routed mode to MSFC...

Hi,

I have 6509 switch with MSFC & FWSM card.

Configured single SVI instance VLAN 901 b/w 6509 & FWSM. Configured "int vlan2" & "Int vlan10" etc & FWSM is doing Inter VLAN routing.

I have seen there is an option to use MSFC for routing in this design but not sure how to offload to MSFC with existing configuration.

Can somebody advice on this?

And also, I am not sure whether my FWSM is behind MSFC or MSFC is behind FWSM & where STP topology ends. Appreciate if you can clarify.

This is the relevant configuration....

In the Chasis (MSFC)...

interface Vlan90
ip address 10.16.254.1 255.255.255.0
no ip redirects
no ip proxy-arp

In FWSM in the same chasis...

interface Vlan3
nameif INSIDE
security-level 100
ip address 10.16.0.17 255.255.255.240 standby 10.16.0.18

interface Vlan90
nameif MGMT
security-level 100
ip address 10.16.254.5 255.255.255.0 standby 10.16.254.6

Thanks in advance...

Regards...

-Ashok.

With best regards... Ashok ----------- Pls kindly rate if helpful or answered your question.
1 REPLY
Cisco Employee

Re: How to offload routing from FWSM in routed mode to MSFC...

Your topology is like this.

MSFC--(vlan90)--FWSM--(vlan3/INSIDE)----

Both vlan 3 and 90 are of the same security level.

Do you get it?

Now if you want to send all traffic from the FWSM to the MSFC you would need a route on the FWSM as follows:

route MGMT 0.0.0.0 0.0.0.0 10.16.254.1

If you topology was like this:

MSFC--vlan3/sec100--(inside)FWSM(outside)--vlan90/sec50

Then we can say that the MSFC is behind the FWSM on the inside.

-KS

244
Views
0
Helpful
1
Replies
CreatePlease to create content