We have just received a 6500 with MSFC and FWSM and I'm trying to figure out how to configure vlans to be processed by the firewall. Are there sample configurations anywhere besides the ones in the "Getting Started" guide?
I can configure the initial SVI, but any subsequent vlans I configure on the MSFC are "Forced to stay down" because there's already a "SVI tied to the line card in slot X". I'm sure I'm missing something but what?
With some versions of IOS you are permitted to have multiple SVIs - but this will always be a less secure configuration.
You need to choose: do you want the MSFC inside the firewall or outside?
If you're using this switch on the edge of your network then probably you want the FWSM on the outside and the MSFC on the inside.
However, if you need the routing functions of the MSFC on the outside you have no choice - my MSFCs are on the outside because they're running BGP. Then I have a dozen or so VLANs set up on the FWSM, ranging from outside, which is where the default route on the FWSM goes to the MSFC, to inside, where my company database resides, with very limited access.
Where it gets fun is when you add load balancing within the chassis too.
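An added example, not part of the original posts: a Python check of a supervisor running-config that reports which firewall VLANs also have an SVI on the MSFC, the situation the reply above calls less secure. The sample config, VLAN numbers and slot number are constructed; the parser assumes the standard `firewall vlan-group`, `firewall module ... vlan-group` and `firewall multiple-vlan-interfaces` IOS command forms.

```python
import re

# Constructed sample of a Catalyst 6500 supervisor (MSFC) running-config.
SAMPLE_CONFIG = """\
firewall multiple-vlan-interfaces
firewall module 4 vlan-group 1
firewall vlan-group 1 100,200-202
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
interface Vlan201
 ip address 198.51.100.1 255.255.255.0
interface Vlan300
 ip address 203.0.113.1 255.255.255.0
"""

def expand_list(spec):
    """Expand an IOS number list such as '100,200-202' into a set of ints."""
    numbers = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        numbers.update(range(int(lo), int(hi or lo) + 1))
    return numbers

def audit_fwsm_svis(config):
    """Return (firewall VLANs that also have an MSFC SVI, list of findings)."""
    groups = {}        # vlan-group number -> VLANs in that group
    attached = set()   # vlan-group numbers assigned to a firewall module
    svis = set()       # VLANs with an 'interface VlanN' on the MSFC
    multi = False      # multiple-SVI override present?
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"firewall vlan-group (\d+) (\S+)$", line):
            groups.setdefault(int(m[1]), set()).update(expand_list(m[2]))
        elif m := re.match(r"firewall module \d+ vlan-group (\S+)$", line):
            attached |= expand_list(m[1])
        elif m := re.match(r"interface Vlan(\d+)$", line, re.I):
            svis.add(int(m[1]))
        elif line == "firewall multiple-vlan-interfaces":
            multi = True
    fw_vlans = set().union(*(groups[g] for g in attached if g in groups))
    shared = sorted(svis & fw_vlans)
    findings = []
    if len(shared) > 1:
        findings.append(f"MSFC has SVIs on {len(shared)} firewall VLANs {shared}: "
                        "it can route between them without crossing the FWSM")
    if multi:
        findings.append("'firewall multiple-vlan-interfaces' is enabled")
    return shared, findings
```

A single shared VLAN (one SVI between MSFC and FWSM) produces no findings; Vlan300 in the sample is ignored because it is not in a firewall VLAN group.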