Cisco Support Community
New Member

multiple fwsm context on same vlan

Hi,

I've noticed that, for some reason, you cannot assign the same vlan to multiple contexts within the FWSM.

Is there a way to get around this limitation? Does anybody know if this will be addressed?

Regards,

Stephane

5 REPLIES
Hall of Fame Super Blue

Re: multiple fwsm context on same vlan

Hi Stephane

You should be able to, as the FWSM supports the concept of a shared vlan between contexts. On our production FWSMs we have a vlan for the outside interfaces that is shared between contexts, so each outside interface has an IP address out of the same subnet.

Jon

New Member

Re: multiple fwsm context on same vlan

Hi Jon,

I thought that multiple contexts within the same fwsm share the same mac address. Is this correct?

Hall of Fame Super Blue

Re: multiple fwsm context on same vlan

Hi

Taken from our production FWSM

Admin context

=============

Interface vlan241 "outside", is up, line protocol is up

MAC address 0015.624a.4780, MTU 1500

IP address 10.181.107.132, subnet mask 255.255.255.128

ebus context

============

Interface vlan241 "outside", is up, line protocol is up

MAC address 0015.624a.4780, MTU 1500

IP address 10.181.107.134, subnet mask 255.255.255.128

So yes, they do share the same mac-address, but remember that these are purely virtual interfaces. How the FWSM decides which context to send the traffic to is all to do with the classifier, and indeed when you share a vlan you do have to be aware of how the FWSM classifier works or it can be quite confusing :-)

Jon

New Member

Re: multiple fwsm context on same vlan

Hi,

But using the classifier, you had to create a static nat to get it working. On top of it, I would need to cascade contexts, which I think does not work.

Why doesn't the fwsm know its own IPs, and why do you have to NAT to get it working?

Wouldn't static routes work?

Hall of Fame Super Blue

Re: multiple fwsm context on same vlan

Stephane

Not sure I follow. Your original question was about not being able to share a vlan across contexts and I pointed out that you can.

As far as statics are concerned, yes, you need to set up static translations because the classifier first looks at the vlan interface the packet comes in on, but as the vlan is shared it then needs a translation to work out which context to use.

Could you explain what you mean regarding static routes?

Jon
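
The classifier behaviour Jon describes above (ingress vlan first, then a translation when the vlan is shared), modelled as an added example that is not part of the original thread and is not Cisco's code. The inside vlans, static translations and function names are constructed for illustration, and the model covers only traffic passing through the firewall.

```python
from ipaddress import ip_address

# Constructed sample data: vlan 241 is the shared "outside" vlan from the
# thread; the inside vlans (10, 20) and the static translations
# (global address -> real address) are hypothetical.
CONTEXTS = {
    "admin": {"vlans": {241, 10}, "statics": {"10.181.107.140": "192.168.10.5"}},
    "ebus":  {"vlans": {241, 20}, "statics": {"10.181.107.141": "192.168.20.5"}},
}

def classify(ingress_vlan, dst_ip, contexts=CONTEXTS):
    """Return the name of the context that receives the packet, or None (drop)."""
    dst = ip_address(dst_ip)
    # Step 1: which contexts have the ingress vlan allocated?
    candidates = [n for n, c in contexts.items() if ingress_vlan in c["vlans"]]
    if len(candidates) == 1:
        return candidates[0]  # vlan unique to one context: no translation needed
    # Step 2: shared vlan, so the destination must match a translation
    # configured in exactly one of the candidate contexts.
    matches = [n for n in candidates
               if any(ip_address(g) == dst for g in contexts[n]["statics"])]
    # Assumption of this model: no match or an ambiguous match is dropped.
    return matches[0] if len(matches) == 1 else None

def audit(contexts=CONTEXTS):
    """Report global addresses translated in more than one context."""
    seen, issues = {}, []
    for name, ctx in contexts.items():
        for g in ctx["statics"]:
            if g in seen:
                issues.append(f"{g} translated in both {seen[g]} and {name}")
            seen.setdefault(g, name)
    return issues

if __name__ == "__main__":
    for vlan, dst in [(10, "198.51.100.7"), (241, "10.181.107.141"),
                      (241, "10.181.107.200")]:
        print(vlan, dst, "->", classify(vlan, dst))
    print("audit:", audit())
```

The third sample packet arrives on the shared vlan with a destination that no context translates, so the model cannot pick a context; this is why the statics are needed on a shared vlan.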
