2-8
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 2 Configuring the Switch for the Firewall Services Module
Adding Switched Virtual Interfaces to the MSFC
For transparent firewalls in multiple context mode, you need to use multiple SVIs because each context
requires a unique VLAN on its outside interface (See Figure 2-3). You might also choose to use multiple
SVIs in routed mode so you do not have to share a single VLAN for the outside interface.
Figure 2-3 Multiple SVIs in Multiple Context Mode
Configuring SVIs for Cisco IOS Software on the Supervisor Engine
If you are running Cisco IOS software on the supervisor engine, follow these steps to add an SVI to the
MSFC:
Step 1 (Optional) To allow you to add more than one SVI to the FWSM, enter the following command:
Router(config)# firewall multiple-vlan-interfaces
Step 2 To add a VLAN interface to the MSFC, enter the following command:
Router(config)# interface vlan
vlan_number
Step 3 To set the IP address for this interface on the MSFC, enter the following command:
Router(config-if)# ip address
address mask
Step 4 To enable the interface, enter the following command:
Router(config-if)# no shut
Inside
Customer A
Inside
Customer B
Inside
Customer C
Context A Context B Context C
VLAN 204VLAN 203VLAN 202
VLAN 100
Switch
Internet
Admin
Network
Admin
Context
VLAN 201
VLAN 153VLAN 150
VLAN 152VLAN 151
104667
To Next Page
Loading...
Need help?
General