EasyManuals Logo

Cisco Catalyst 6500 Series User Manual

Cisco Catalyst 6500 Series
392 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #320 background imageLoading...
Page #320 background image
17-6
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 17 Monitoring and Troubleshooting the Firewall Services Module
Troubleshooting the Firewall Services Module
Step 2 To enable ICMP to the FWSM, enter the following command:
FWSM/contexta(config)# icmp permit any
interface_name
Enter this command for each interface you want to test.
Step 3 Ping each FWSM interface from the directly connected routers. For transparent mode, ping the
management IP address.
This test ensures that the FWSM interfaces are active and that the VLAN configuration is correct.
A ping might fail if the FWSM interface is not active, the VLAN configuration is incorrect, or if a switch
between the FWSM and router is down (see Figure 17-2). In this case, no debug messages or system
messages appear on the FWSM, because the packet never reaches it.
Figure 17-2 Ping Failure at FWSM Interface
If the ping reaches the FWSM, and the FWSM responds, you see debug messages like the following:
ICMP echo reply (len 32 id 1 seq 256) 209.165.201.1 > 209.165.201.2
ICMP echo request (len 32 id 1 seq 512) 209.165.201.2 > 209.165.201.1
If the ping reply does not return to the router, then you might have a switch loop or redundant IP
addresses. (See Figure 17-3.)
Figure 17-3 Ping Failure Because of IP Addressing Problems
Step 4
Ping each FWSM interface from a remote host. For transparent mode, ping the management IP address.
This test checks that the directly connected router can route the packet between the host and the FWSM,
and that the FWSM can correctly route the packet back to the host.
A ping might fail if the FWSM does not have a route back to the host through the intermediate router
(see Figure 17-4). In this case, the debug messages show that the ping was successful, but you see system
message 110001 indicating a routing failure.
Figure 17-4 Ping Failure Because the FWSM has no Route
Ping
FWSMRouter
104687
192.168.1.1192.168.1.2
192.168.1.2
Ping
Router FWSM
Host
104688
Ping
RouterHost
?
FWSM
104683

Table of Contents

Other manuals for Cisco Catalyst 6500 Series

Preview: Command Reference
Command Reference160 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Configuration Note
Configuration Note212 pages
Preview: Installation Note
Installation Note36 pages
Preview: Hardware Installation Guide
Hardware Installation Guide134 pages
Preview: Troubleshooting
Troubleshooting10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 6500 Series and is the answer not in the manual?

Cisco Catalyst 6500 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 6500 Series
CategorySwitch
LanguageEnglish

Related product manuals