Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

FWSM Int problem

I can't get the Vlan interfaces on the FWSM to come up because I don't have a phy int to bind them to... Anyone know how to do this?

Here's the relevent config for the fwsm:

interface Vlan100

nameif inside

security-level 100

ip address 10.254.254.203 255.255.255.248

and the 6506:

firewall vlan-group 4 100,200

vtp mode transparent

vlan 100

name Firewall_Inside

interface GigabitEthernet2/46

no ip address

switchport

switchport access vlan 100

switchport mode access

spanning-tree bpduguard enable

interface Vlan100

ip address 10.254.254.201 255.255.255.248

4 REPLIES
New Member

Re: FWSM Int problem

sooo... no one's encountered this before?

New Member

Re: FWSM Int problem

Hi,

You are missing:

firewall module x vlan-group y.

Where x is slot where ur module sits, and y is your vlan group that you defined. This will start trunking your Vlans to FWSM.

You also need

"firewall multiple-vlan-interfaces" if you are trunking more than 1 vlans.

Hope this helps.

Thanks

Jay

New Member

Re: FWSM Int problem

That was it.. thanks! I managed to get the answer a few hours before you posted this. But thanks!

New Member

Re: FWSM Int problem

Hi,

one thing seems to miss on your 6506 configuration :

Below please find an example :

This example shows how you can create three firewall VLAN groups: one for each FWSM, and one that includes VLANs assigned to both FWSMs.

Router(config)# firewall vlan-group 50 55-57

Router(config)# firewall vlan-group 51 70-85

Router(config)# firewall vlan-group 52 100

Router(config)# firewall module 5 vlan-group 50,52

Router(config)# firewall module 8 vlan-group 51,52

You don't need any physical interface to do that.

check on the FWSM is the Vlan is up. Don't hesitate to type "no shutdown" in the desired vlan config.

Hope it will help.

See ya?

144
Views
10
Helpful
4
Replies