Cisco Support Community
Community Member

CBAC

Hi, I want to confirm one thing. Is a firewall module mandatory to enable CBAC?

5 REPLIES
Super Bronze

Re: CBAC

Depends what you mean by "firewall module". On software-based routers, you'll need an IOS that includes the firewall feature set. On something like the 6500, I believe you'll need the FWSM (Firewall Services Module - hardware).

Community Member

Re: CBAC

It is fine with the 6500 switch having the FWSM module. What about a 3600/2800 router where I have not purchased any firewall module? Can I configure CBAC?

Super Bronze

Re: CBAC

"What about a 3600/2800 router where I have not purchased any firewall module? Can I configure CBAC?"

If the IOS supports the firewall feature set (and CBAC), yes.

Community Member

Re: CBAC

One more question about failover on the 6500 FWSM module. The failover VLAN should be created on the local switch.

"failover lan interface FAILOVER vlan 995

failover link STATEFUL vlan 996".

I am not seeing any VLAN 995/996 on the local switch?

Hall of Fame Super Silver

Re: CBAC

Hello Rupesh,

These VLANs 995 and 996 need to exist only at layer 2 on the chassis supervisor.

They are L2 trunked to the internal 6 GE EtherChannel between the chassis and the FWSM.

You should use a dedicated physical GE link in VLAN 995 between the two chassis and another GE link for VLAN 996 between the two chassis.

Avoid having VLANs 995 and 996 carried on the generic L2 trunk between the chassis (that would be preferred by STP if it is 10GE or a bundle of multiple GE), or modify the STP costs for each VLAN so that it is not preferred.

Hope to help

Giuseppe
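
The supervisor-side configuration that the last reply describes, as an added example that is not part of the original thread. The FWSM slot number (3), the vlan-group number (10), the VLAN names, the interface names and the Port-channel1 generic trunk are assumptions for illustration; only VLANs 995 and 996 come from the thread.

```cisco
! Catalyst 6500 supervisor, applied on both chassis.
! Assumed: FWSM in slot 3, vlan-group 10, Gi1/1 and Gi1/2 as the
! dedicated inter-chassis links, Port-channel1 as the generic trunk.
!
! 1. Create the failover VLANs at layer 2 only (no "interface Vlan" SVI).
vlan 995
 name FWSM-FAILOVER
vlan 996
 name FWSM-STATEFUL
!
! 2. Hand the VLANs to the FWSM over its internal EtherChannel.
!    The groups carrying the firewall's data VLANs are omitted here.
firewall vlan-group 10 995,996
firewall module 3 vlan-group 10
!
! 3. One dedicated GE link per VLAN between the two chassis.
interface GigabitEthernet1/1
 description FWSM failover LAN to peer chassis
 switchport
 switchport mode access
 switchport access vlan 995
 no shutdown
!
interface GigabitEthernet1/2
 description FWSM stateful link to peer chassis
 switchport
 switchport mode access
 switchport access vlan 996
 no shutdown
!
! 4. Keep both VLANs off the generic inter-chassis trunk so that STP
!    cannot prefer it over the dedicated links.
interface Port-channel1
 switchport trunk allowed vlan remove 995,996
```

On the supervisor, `show vlan id 995` and `show firewall vlan-group` confirm that the VLANs exist and are assigned to the module.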
