Cisco Support Community

How to configure FWSM to secure hosts in different VLANs

Resolution

Version 3.x and later let you secure different Virtual Local Area Networks (VLANs) with bridge groups, up to a limit of eight bridge groups in single mode. In this example, a transparent firewall connects the same network on its inside and outside interfaces. Each pair of interfaces belongs to a bridge group, to which you must assign a management IP address. You can configure up to eight bridge groups of two interfaces each, and each bridge group connects to a separate network. Bridge group traffic is isolated from other bridge groups: traffic is not routed to another bridge group within the Firewall Services Module (FWSM); it must exit the FWSM and be routed by an external router back to another bridge group in the FWSM.

Note: This feature can be used in Transparent mode as well as Routed firewall mode.

In order to secure hosts on different VLANs, refer to this configuration example:

     interface vlan100
         nameif outside1
         security-level 0
         bridge-group 1
     
     interface vlan101
         nameif inside1
         security-level 100
         bridge-group 1
     
     interface bvi1
         ip address 10.1.1.1 255.255.255.0
     
     interface vlan150
         nameif outside2
         security-level 0
         bridge-group 2
     
     interface vlan151
         nameif inside2
         security-level 100
         bridge-group 2
     
     interface bvi2
         ip address 10.1.2.1 255.255.255.0


Refer to Configuring Interfaces Parameters for more information on the bridge-group command and the Bridge Group Virtual Interface (BVI).
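The constraints described above (at most eight bridge groups in single mode, two interfaces per group, a management IP address on each group's BVI) can be checked offline against a saved configuration. The script below is an added example, not Cisco code or part of the original document; the function name `audit_bridge_groups` and the sample input are constructed for illustration, and it assumes the BVI number matches the bridge-group number, as in the configuration above.

```python
import re
from collections import defaultdict

MAX_BRIDGE_GROUPS = 8   # single-mode limit stated on the page
IFACES_PER_GROUP = 2    # each bridge group pairs two interfaces

# Constructed sample based on the page's config (security-level lines omitted):
# vlan151 lacks its bridge-group line and bridge group 2 has no BVI address.
SAMPLE = """\
interface vlan100
    nameif outside1
    bridge-group 1
interface vlan101
    nameif inside1
    bridge-group 1
interface bvi1
    ip address 10.1.1.1 255.255.255.0
interface vlan150
    nameif outside2
    bridge-group 2
interface vlan151
    nameif inside2
"""

def audit_bridge_groups(config):
    """Return findings for the bridge-group layout of an FWSM config."""
    members = defaultdict(list)   # group number -> member interface names
    bvi_ip = {}                   # group number -> management IP
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1).lower()
        elif current and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            members[int(m.group(1))].append(current)
        elif current and (m := re.fullmatch(r"ip address (\S+) \S+", line)):
            if b := re.fullmatch(r"bvi(\d+)", current):
                bvi_ip[int(b.group(1))] = m.group(1)
    findings = []
    if len(members) > MAX_BRIDGE_GROUPS:
        findings.append(f"{len(members)} bridge groups exceed the limit of {MAX_BRIDGE_GROUPS}")
    for group, ifaces in sorted(members.items()):
        if len(ifaces) != IFACES_PER_GROUP:
            findings.append(f"bridge-group {group}: {len(ifaces)} interface(s), expected {IFACES_PER_GROUP}")
        if group not in bvi_ip:
            findings.append(f"bridge-group {group}: no BVI management IP address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bridge_groups(SAMPLE)))
```

An interface that is left out of its bridge group, as `vlan151` is in the constructed sample, shows up as a group with a single member, which is the case worth catching before the change is applied to the module.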
