Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

cwu
New Member

Configuring Cat 6500 with FWSM

We have just received a 6500 with MSFC and FWSM and I'm trying to figure out how to configure vlans to be processed by the firewall. Are there sample configurations anywhere besides the ones in the "Getting Started" guide?

I can configure the initial SVI, but any subsequent vlans I configure on the MSFC are "Forced to stay down" because there's already a "SVI tied to the line card in slot X". I'm sure I'm missing something but what?

  • Other Network Infrastructure Subjects
2 REPLIES
New Member

Re: Configuring Cat 6500 with FWSM

I believe FWSM card would need Native IOS and not MSFC / Hybird IOS.

New Member

Re: Configuring Cat 6500 with FWSM

Start with the firewall chapter of this:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/ccmigration_09186a008014efaf.pdf

With the some versions of IOS you are permitted to have multiple SVIs - but this will always be a less secure configuration.

You need to choose- do you want the MSFC inside the firewall or outside ?

If you're using this switch on the edge of your network then probably you want the FWSM on the outside and the MSFC on the inside.

However, if you need the routing functions of the MSFC on the outside you have no choice - my MSFCs are on the outside because they're running BGP. Then I have a dozen or so VLANs setup on the FWSM, ranging from outside, which is where the default route on the FWSM goes to the MSFC. To inside, where my company database resides, with very limited access.

Where it gets fun is when you add load balancing within the chassis too.

Simon

185
Views
0
Helpful
2
Replies
This widget could not be displayed.