5-20
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 5 Managing Security Contexts
Configuring a Security Context
Step 2 (Optional) To add a description for this context, enter the following command:
FWSM(config-context)# description
text
Step 3 To specify the VLAN interfaces you can use in the context, enter the following command:
FWSM(config-context)# allocate-interface vlan
number
[-vlan
number
] [
map_name
[-
map_name
]]
You can enter this command multiple times to specify different ranges. For transparent firewall mode,
you can only use two interfaces per context.
Enter a VLAN number or a range of VLANs, typically from 1 to 1000 and from 1025 to 4094 (see the
switch documentation for supported VLANs). You can assign the same VLANs to multiple contexts, if
desired. See the “Sharing Resources and Interfaces Between Contexts” section on page 5-5 for more
information about shared VLAN limitations.
The map_name is an alphanumeric alias for the VLAN interface that can be used within the context
instead of the VLAN number. If you do not specify a mapped name, the VLAN number is used within
the context. For security purposes, you might not want the context administrator to know which VLANs
are being used by the context. Instead of using the VLAN number in the nameif command, for example,
you can use the mapped name.
A mapped name must start with a letter, end with a letter or digit, and have as interior characters only
letters, digits, or an underscore. For example, you can use the following names:
int0
inta
int_0
If you specify a range of VLAN IDs, you can specify a matching range of mapped names. Follow these
guidelines for ranges:
• The mapped name must consist of an alphabetic portion followed by a numeric portion. The
alphabetic portion of the mapped name must match for both ends of the range. For example, enter
the following range:
int0-int10
• The numeric portion of the mapped name must include the same quantity of numbers as the
vlanx-vlany statement. For example, both ranges include 100 interfaces:
vlan100-vlan199 int1-int100
If you enter vlan100-vlan199 int1-int15 or vlan100-vlan199 happy1-sad5, for example, the
command fails.
The following example shows VLANs 100, 200, and 300 through 305 assigned to the context. The
mapped names are int1 through int8.
FWSM(config-context)# allocate-interface vlan100 int1
FWSM(config-context)# allocate-interface vlan200 int2
FWSM(config-context)# allocate-interface vlan300-vlan305 int3-int8
Step 4 To identify the URL from which the system downloads the context configuration, enter the following
command:
FWSM(config-context)# config-url
url
When you add a context URL, the system immediately loads the context so that it is running.
To Next Page
Loading...
Need help?
General