Cisco Support Community
New Member

Restricting Inter-VLAN Routing on 6509-E

I have a set of 6509s with FWSMs in one. The network design requires multiple VLANs in front of, behind, and in a DMZ of the FWSM. How do I guarantee that traffic goes up through the FWSM as expected instead of being routed via the MSFC directly to the target network?

2 REPLIES
Bronze

Re: Restricting Inter-VLAN Routing on 6509-E

A sample configuration looks like this:

security ACLs

set security acl ip postacl permit arp

set security acl ip postacl permit ip any any

New Member

Re: Restricting Inter-VLAN Routing on 6509-E

The VLANs that need to be FWSM-protected should be configured at Layer 3 on the FWSM only, not on the MSFC. Assign them to the FWSM in the switch configuration and it should take care of itself. Make sure that the MSFC has routes to the networks behind the FWSM and vice versa; it's behaving as another router in this configuration.
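One way to audit for the condition described in the reply above, as an added example that is not part of the original thread: the script lists VLANs that are assigned to the FWSM and also have an active Layer 3 interface (SVI) on the MSFC. It assumes Cisco IOS running-config syntax on the supervisor (`firewall vlan-group`, `interface VlanN`); the sample config, slot number, VLAN IDs and addresses are constructed.

```python
import re

# Constructed MSFC running-config excerpt; slot, VLAN IDs and addresses are made up.
# Vlan100 is the intended MSFC-to-FWSM transit VLAN; Vlan101 is a DMZ VLAN that
# should be Layer 3 on the FWSM only.
SAMPLE_CONFIG = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 10
firewall vlan-group 10 100-102,200
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
interface Vlan101
 ip address 10.0.101.1 255.255.255.0
interface Vlan102
 no ip address
 shutdown
interface Vlan300
 ip address 10.0.30.1 255.255.255.0
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '100-102,200' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def firewall_vlans(config):
    """VLANs assigned to the FWSM by 'firewall vlan-group <n> <list>' lines."""
    vlans = set()
    for m in re.finditer(r"^firewall vlan-group \d+\s+(\S+)", config, re.M):
        vlans |= expand_vlans(m.group(1))
    return vlans

def routed_svis(config):
    """VLAN IDs of SVIs that carry an IP address and are not shut down."""
    active = set()
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        m = re.match(r"interface Vlan(\d+)", block)
        lines = [l.strip() for l in block.splitlines()[1:]]
        if m and "shutdown" not in lines and any(l.startswith("ip address ") for l in lines):
            active.add(int(m.group(1)))
    return active

def msfc_routed_firewall_vlans(config):
    """Firewall VLANs the MSFC also routes; more than one lets it forward between them."""
    return sorted(firewall_vlans(config) & routed_svis(config))

if __name__ == "__main__":
    print("Firewall VLANs with an active SVI:", msfc_routed_firewall_vlans(SAMPLE_CONFIG))
```

A single VLAN in the result is the expected transit link between the MSFC and the FWSM; each additional one is a network the MSFC can route to directly, without crossing the firewall.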
