What is FWSM?
The Cisco Firewall Services Module (FWSM) is an integrated module for the Catalyst 6500 Series switch and the Cisco 7600 Series Internet router. By providing firewall functionality on a line card, the operation of the firewall can be tightly integrated into the normal switch operation, thus providing a robust security infrastructure.
Cisco Firewall Services Module Overview:
The Cisco Firewall Services Module (FWSM) is a high-performance firewall solution, providing 5 gigabits per second (Gbps) of throughput from a single FWSM. Combining multiple modules in a single chassis enables you to scale this throughput to 20 Gbps. Some features of the FWSM include the following:
- Is fully virtual LAN (VLAN) aware
- Supports dynamic routing
- Integrates firewall functionality and switching in a single chassis
- Supports the entire Cisco PIX Firewall Version 6.0 feature set and some Version 6.2 features
- Allows up to 1 million concurrent connections
- Supports 5-Gbps throughout
- Enables multiple FWSMs per chassis
- Supports intrachassis and interchassis stateful failure
- Provides multiple management options
Resolution
This issue occurs because the Cisco Firewall Services Module (FWSM) does not support packet re-circulation. Packet re-circulation is a specific means to forward packets internally to the chassis between the modules.
To perform the recommended solution, follow these steps:
For native Cisco IOS systems, upgrade to release 12.2(17d)SXB7, 12.2(18)SXE1 or later versions.
This command forces all affected service modules to communicate through the chassis shared bus instead of the switched fabric (which forces the Supervisor to handle the packet re-circulation centrally instead of the service module). This command also allows the service modules to communicate properly on VLANs.
For more information about this issue, refer to Field Notice: FN - 61935 - Catalyst 6500 Series and 7600 Series Service Module Incompatibility With Distributed EtherChannel and Packet Re-Circulation