2-4
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 2 Configuring the Switch for the Firewall Services Module
Assigning VLANs to the Firewall Services Module
To assign VLANs to the FWSM, follow these steps:
Step 1 To assign VLANs to a firewall group, enter the following command:
Router(config)# firewall vlan-group
firewall_group vlan_range
The vlan_range can be one or more VLANs (1 to 1000 and from 1025 to 4094) identified in one of the
following ways:
• A single number (n)
• A range (n-x)
Separate numbers or ranges by commas. For example, enter the following numbers:
5,7-10,13,45-100
Note Routed ports and WAN ports consume internal VLANs, so it is possible that VLANs in the 1020-1100
range might already be in use.
Step 2 To assign the firewall groups to the FWSM, enter the following command:
Router(config)# firewall module
module_number
vlan-group
firewall_group
The firewall_group is one or more group numbers:
• A single number (n)
• A range (n-x)
Separate numbers or ranges by commas. For example, enter the following numbers:
5,7-10
This example shows how you can create three firewall VLAN groups: one for each FWSM, and one that
includes VLANs assigned to both FWSMs. See the “Prerequisites” section on page 2-3 for more
information about adding VLANs to the switch.
Router(config)# vlan 55-57,70-85,100
Router(config-vlan)# exit
Router(config)# firewall vlan-group 50 55-57
Router(config)# firewall vlan-group 51 70-85
Router(config)# firewall vlan-group 52 100
Router(config)# firewall module 5 vlan-group 50,52
Router(config)# firewall module 8 vlan-group 51,52
To view the group configuration, enter the following command:
Router# show firewall vlan-group
Group vlans
----- ------
50 55-57
51 70-85
52 100
To view VLAN group numbers for all modules, enter the following command:
Router# show firewall module
Module Vlan-groups
5 50,52
8 51,52
To Next Page
Loading...
Need help?
General