Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM module in a L3 design

Has someone experience with a FWSM module in a L3 design network.

We have 3 different layers, access layer with 3550 and 2950 switches. The second layer (distribution Layer) is a Cisco 6509 with FWSM and CSM module and 2 16 ports GE modules. The last layer (core layer) are 3550. We do not use vlans or spanning tree. This design is full Layer3.

Now we want to use the FWSM module, but than i need to configure vlans to get access .

I configured one vlan on the 6509 and can connect to the fwsm (telnet, pdm).

But how do i configure that some ip traffic goes through the fwsm . I have different subnets in my core and access layer.

My second problem is to configure FWSM failover.

We have a second 6509 with a second FWSM and CSM module. I have configured the FWSM and MSFC following the installation guide. But when i do a sh vlan on the FWSM , i do not see vlan 4000 that is responsible for the failover.

I get a message that vlan 4000 is not configured.

Where do i need to configure this vlan ?

I do already have a vlan 31 for my svi (telnet, pdm to the FWSM).

Please contact me if you need more information.

2 REPLIES
Cisco Employee

Re: FWSM module in a L3 design

Hi,

For every subnet in your network a VLAN needs to be defined. Then on the switch you need to configure those vlans to be secures, so that all traffic go through the FWSM.

For your second problem. It seems like you dont have VTP configured that is why you dont see vlan 4000. In that case you need to manually create vlan 4000 on the other switch.

Thanks

Nadeem

New Member

Re: FWSM module in a L3 design

Nadeem,

Oke i understand, but i can not configure a vlan 4000 ! So i create a vlan 999. Now i can ping from one FWSM to another. But when i configure failover, it does not work.

280
Views
0
Helpful
2
Replies
CreatePlease login to create content