Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
1
Replies

simple firewall question

Go to solution
dkblee
Level 1
Level 1

‎02-01-2010 09:25 AM - edited ‎03-11-2019 10:03 AM

hi! We've a fwsm module in our core sw and i'm new to this. just want to find out what's the purpose of the bridge-group 1 command on the inside and outside interfaces? + what's the BVI1 for? is it related to the brige-group 1 command on the inside n outside command? can i have different bridge-group number for inside and outside? thx

interface Vlan100

nameif outside

bridge-group 1

security-level 0

interface BVI1

ip address 10.10.10.1 255.255.255.0

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-01-2010 09:31 AM 

dkblee@hotmail.com
 hi! We've a fwsm module in our core sw and i'm new to this. just want to find out what's the purpose of the bridge-group 1 command on the inside and outside interfaces? + what's the BVI1 for? is it related to the brige-group 1 command on the inside n outside command? can i have different bridge-group number for inside and outside? thx
interface Vlan100
nameif outside
bridge-group 1
security-level 0
 
interface BVI1
ip address 10.10.10.1 255.255.255.0

This configuration is for when you run the FWSM in transparent mode. With transparent mode the IP subnet is the same on the outside and the inside. You use 2 vlans, one for the outside and one for the inside but as i say they both use the same IP subnet.

You then join (ie. bridge) the 2 vlans together with the FWSM. So the bridge group needs to match so the FWSM knows which vlans to join together. The BVI is management IP for this transparent firewall.

Jon

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-01-2010 09:31 AM 

dkblee@hotmail.com
 hi! We've a fwsm module in our core sw and i'm new to this. just want to find out what's the purpose of the bridge-group 1 command on the inside and outside interfaces? + what's the BVI1 for? is it related to the brige-group 1 command on the inside n outside command? can i have different bridge-group number for inside and outside? thx
interface Vlan100
nameif outside
bridge-group 1
security-level 0
 
interface BVI1
ip address 10.10.10.1 255.255.255.0

This configuration is for when you run the FWSM in transparent mode. With transparent mode the IP subnet is the same on the outside and the inside. You use 2 vlans, one for the outside and one for the inside but as i say they both use the same IP subnet.

You then join (ie. bridge) the 2 vlans together with the FWSM. So the bridge group needs to match so the FWSM knows which vlans to join together. The BVI is management IP for this transparent firewall.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card