1.  Use the documentation as to the placement.  Sup720s on a 6509 go in
slots 5 and 6.  About where the FWSM has to go.... Mine's in slot 2.

2.  On the 6509 you have it.

firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500
firewall vlan-group 2  x,y,z,AA,BB
firewall vlan-group 500  A,B,C,xx,yy,zz

3.  One SVI is used as the VLAN to interact with the FWSM.

I.e., VLAN 100 is used on both the MSFC and the FWSM; this VLAN is how all
traffic goes from one to the other.

The only other requirement is that the VLANs are set up on the sup and
passed to the FWSM.

The FWSM has all the "SVI" interfaces for the VLANs you pass.

Behind vs in front is based on network topology.

Hope that helps.

Scott
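
Added example, not part of Scott's reply or of Cisco's documentation: a Python check that reads a supervisor configuration in the shape shown above, expands the VLANs handed to each FWSM, and lists which of them also have an SVI on the MSFC, so the single shared SVI described in point 3 can be confirmed. The sample configuration, its VLAN numbers and addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample of a supervisor-side config (VLAN numbers are made up).
SAMPLE_CONFIG = """\
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500
firewall vlan-group 2  100,110,120
firewall vlan-group 500  200-202
!
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
!
interface Vlan300
 ip address 10.0.30.1 255.255.255.0
"""

def expand(spec):
    """Expand a list such as '100,110,200-202' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def fwsm_svi_report(config):
    """Per FWSM slot: VLANs passed to the blade and those that also have an SVI."""
    groups, modules, svis = {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"firewall vlan-group (\d+)\s+(\S+)$", line):
            groups.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.match(r"firewall module (\d+) vlan-group (\S+)$", line):
            modules.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.match(r"interface Vlan(\d+)$", line, re.I):
            svis.add(int(m[1]))
    report = {}
    for slot, group_ids in modules.items():
        vlans = set().union(*(groups.get(g, set()) for g in group_ids))
        report[slot] = {"fwsm_vlans": sorted(vlans),
                        "shared_svis": sorted(vlans & svis)}
    return report

if __name__ == "__main__":
    for slot, info in fwsm_svi_report(SAMPLE_CONFIG).items():
        note = "ok" if len(info["shared_svis"]) == 1 else "review: not exactly one shared SVI"
        print(f"module {slot}: FWSM VLANs {info['fwsm_vlans']}, "
              f"MSFC SVIs among them {info['shared_svis']} ({note})")
```

More than one VLAN in `shared_svis` means the MSFC routes on several VLANs that are also firewall interfaces, which is worth reviewing against the intended topology.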

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Tohill
Sent: Wednesday, March 14, 2007 4:32 AM
To: [EMAIL PROTECTED]
Subject: [c-nsp] FWSM Deployment

Hi,
 
We have 2 x 6500's with single Sup720's running native IOS 12.2(18)SXF4
and intend to deploy the FWSM running 3.2 software.
 
Despite the 3.2 configuration guide being fairly good at describing the
placement of MSFC with regard to FWSM etc., can anyone help regarding
the following:
 
1. Placement of FWSM with regard to MSFC, the pros and cons.
2. In a routed single-context mode, what is the requirement for getting
traffic to the blade, above and beyond the firewall 'vlan-group
<firewall-group> <vlan-range>' and 'firewall module <module> vlan-group'
commands?
3. What exactly dictates whether the FWSM is in front of or behind the
MSFC? Is it the order of the VLAN IDs?
 
I'm confused. Any help appreciated.
 
Thanks,
Mark
 
Mark Tohill
UTV Internet
E:[EMAIL PROTECTED]
 
_______________________________________________
cisco-nsp mailing list  [EMAIL PROTECTED]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
