firewall vlan-group command

lowen · ‎06-05-2006

Probably a stupid question, but how can you remove vlans from an existing firewall vlan-group on a 6500? I had a couple of test contexts set up on fwsm, and have now deleted them. I want to release the vlans back into the wild (without a blip to the production contexts), but I don't see any syntax to do this. Help! (and thanks in advance).

Fernando_Meza · ‎06-05-2006

Hi .. please post the output of

show firewall vlan-group

show firewall module

a.kiprawih · ‎06-05-2006

Hi,

If you have something like:

firewall vlan-group 9 10,20,22,30,32

firewall module 9 vlan-group 9 -----> slot installed with FWSM

and would like to remove@release one (e.g vlan 20) or more vlan from the firewall group, use:

no firewall vlan-group 9 10,20,22,30,32

firewall vlan-group 9 10,22,30,32

http://www.ciscotaccc.com/kaidara-advisor/lanswitching/showcase?case=K21095264

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a0080159cac.html

CatOS:

If you have vlan 10,20,22,30 & 32 in fwsm's firewall-vlan 9 (9 is a tag to easily identify which slot fwsm sits)

To remove, use 'clear' command. To add, use 'set' command, .e.g to remove vlan 20 from fwsm vlan-group:

switch(enable) clear vlan 10,22,30,32 firewall-vlan 9

switch(enable) set vlan 10, 22,30,32 firewall-vlan 9

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a0080159cb1.html

Rgds,

AK

lowen · ‎06-06-2006

Well, I said initially that it might be a stupid question, and it was ...

I couldn't really use

no firewall vlan-group 9 10,20,22,30,32

firewall vlan-group 9 10,22,30,32

because I was concerned about a (however momentary) "blip" in service to the contexts using the remaining vlans. In retrospect, it should have been obvious to try

no firewall vlan-group 9 20

which works.

Larry Owen