Cisco Support Community

firewall vlan-group command

Probably a stupid question, but how can you remove vlans from an existing firewall vlan-group on a 6500? I had a couple of test contexts set up on fwsm, and have now deleted them. I want to release the vlans back into the wild (without a blip to the production contexts), but I don't see any syntax to do this. Help! (and thanks in advance).

3 REPLIES

Re: firewall vlan-group command

Hi .. please post the output of

show firewall vlan-group

show firewall module

Re: firewall vlan-group command

Hi,

If you have something like:

firewall vlan-group 9 10,20,22,30,32

firewall module 9 vlan-group 9 -----> slot installed with FWSM

and would like to remove/release one (e.g. vlan 20) or more vlans from the firewall group, use:

no firewall vlan-group 9 10,20,22,30,32

firewall vlan-group 9 10,22,30,32

http://www.ciscotaccc.com/kaidara-advisor/lanswitching/showcase?case=K21095264

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a0080159cac.html

CatOS:

If you have vlan 10,20,22,30 & 32 in fwsm's firewall-vlan 9 (9 is a tag to easily identify which slot the fwsm sits in)

To remove, use the 'clear' command. To add, use the 'set' command, e.g. to remove vlan 20 from fwsm vlan-group:

switch(enable) clear vlan 10,22,30,32 firewall-vlan 9

switch(enable) set vlan 10,22,30,32 firewall-vlan 9

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a0080159cb1.html

Rgds,

AK

Re: firewall vlan-group command

Well, I said initially that it might be a stupid question, and it was ...

I couldn't really use

no firewall vlan-group 9 10,20,22,30,32

firewall vlan-group 9 10,22,30,32

because I was concerned about a (however momentary) "blip" in service to the contexts using the remaining vlans. In retrospect, it should have been obvious to try

no firewall vlan-group 9 20

which works.

Larry Owen
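
As an added example that is not part of the thread and not Cisco code, this Python helper builds the incremental removal command described in the last reply and reports which VLANs stay in the group, refusing to proceed if a requested VLAN is not in that group. The function names and the sample config are constructed for illustration, and range syntax such as 20-22 in the VLAN list is an assumption.

```python
import re

# Constructed sample config, using the lines quoted in the thread.
SAMPLE_CONFIG = """\
firewall vlan-group 9 10,20,22,30,32
firewall module 9 vlan-group 9
"""

GROUP_RE = re.compile(r"^firewall vlan-group (\d+) (\S+)$", re.M)

def expand(vlan_list):
    """Expand '10,20-22' into {10, 20, 21, 22} (range syntax is assumed)."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def compress(vlans):
    """Render a VLAN set as a comma/range list, e.g. '10,20-22'."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v          # extend the current run
        else:
            runs.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def release_plan(config, group, to_release):
    """Return (command, remaining_vlans) for removing VLANs from one group."""
    groups = {}
    for gid, vlan_list in GROUP_RE.findall(config):
        groups.setdefault(int(gid), set()).update(expand(vlan_list))
    if group not in groups:
        raise ValueError(f"vlan-group {group} not found in config")
    to_release = set(to_release)
    if not to_release:
        raise ValueError("no VLANs given; refusing to emit a bare 'no' command")
    unknown = to_release - groups[group]
    if unknown:
        raise ValueError(f"not in vlan-group {group}: {compress(unknown)}")
    command = f"no firewall vlan-group {group} {compress(to_release)}"
    return command, groups[group] - to_release

if __name__ == "__main__":
    cmd, remaining = release_plan(SAMPLE_CONFIG, 9, {20})
    print(cmd)
    print("remaining:", compress(remaining))
```

Comparing the reported remaining set against the VLANs the production contexts use, before pasting the command, confirms that only the test VLANs leave the group.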
