Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to replace the Firewall Services Module assigned to a group of VLANs in a Catalyst 6500 series switch

Core issue

All Catalyst 6500 series switches support hot swapping, which allows you to install, remove, replace, and re-arrange modules without the need to turn off the system power. When the system software detects that a module has been installed or removed, the system automatically runs diagnostic and discovery routines, acknowledges the presence or absence of the module, and resumes system operation.

Resolution

Complete these steps before you remove the module in order to replace the FWSM assigned to a group of controlled VLANs without causing any outage:

  1. Issue the no firewall module module number> vlan-group firewall_group> command in order to remove the VLAN group from the firewall module.
     
  2. Issue the no firewall vlan-group firewall_group> command in order to delete the VLAN groups.
     
  3. Issue the no firewall multiple-vlan-interfaces command in order to remove multiple VLAN interfaces (SVI). 

  4. Issue the hw-module slot slot-number> shutdown command, then remove the FWSM module.

Scenario to add specific VLANs:  When you want to add VLANs from 2 to 1000 and exclude VLAN 400 and 420, complete these two steps:

  1. Remove all the VLAN on VLAN group 1.

    Switch(config)#no firewall vlan-group 1  2-1000
       
  2. Issue this command in order to add the VLANs you want:

    Switch(config)#firewall vlan-group 1 2-399,401-419,421-1000
       

Note: The firewall vlan-group command appends the VLANs specified to the ones you already have on the group, since the group 2-399,401-419,421-1000 is the part of group 2-1000.

Refer to the Installing and Removing the FWSM section of Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Installation Note for more information and for the steps to remove a FWSM module for a chassis slot.

Refer to Catalyst 6500 FWSM - Replacement of Failover Unit after a Hardware Failure for more information.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 06:16 PM
Updated by:
 
Labels (1)