Re: Filtering traffic from Multiple VLANs in a single Virtual

From: Akhtar Rasool (akhtar.samo@gmail.com)
Date: Tue Feb 12 2008 - 02:23:48 ARST


Joseph, this has already been done for module 1, as the firewall module is
installed in mod 1. Any other clue?

Regards,

Akhtar

On Feb 11, 2008 11:20 PM, Joseph Brunner <joe@affirmedsystems.com> wrote:

> Make sure the big catalyst has these commands
>
> firewall module 4 vlan-group 1,2
> firewall vlan-group 1 <mgmt vlan#>
> firewall vlan-group 2 30,50,56
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Akhtar Rasool
> Sent: Monday, February 11, 2008 10:20 AM
> To: Cisco certification
> Subject: Filtering traffic from Multiple VLANs in a single Virtual Context
> on CAT-6509E FWSM Module.....
>
> Hi all,
>
> Can we use a single Virtual Context for filtering traffic from multiple
> VLANs? It should be possible somehow, because we have a license for only
> 20 or 22 Virtual Contexts and lots of Customer VLANs.
>
> I tried to make a 2nd SVI (int Vlan56) an Internal interface, but it's not
> working. Do help me out so that this context (Companyxyz-Internal)
> filters traffic for multiple VLANs.
>
> FWSM Firewall Version 3.2(2)
>
> CFWSM-FW# sh run
>
> interface Vlan30
> description CUSTOMER-1
> !
> interface Vlan50
> description External
>
> interface Vlan56
> description CUSTOMER-2
>
> admin-context Companyxyz-Internal
> context Companyxyz-Internal
> description admin-context Companyxyz-Internal
> allocate-interface Vlan30
> allocate-interface Vlan56
> allocate-interface Vlan50
> config-url disk:/Companyxyz-Internal
> join-failover-group 1
>
> CFWSM-FW# changeto context Companyxyz-Internal
> CFWSM-FW/Companyxyz-Internal#sh run
>
> interface Vlan30
> nameif inside
> security-level 100
> ip address 172.16.33.1 255.255.255.0 standby 172.16.33.2
> !
> interface Vlan50
> nameif outside
> security-level 0
> ip address 172.16.66.4 255.255.255.248 standby 172.16.66.5
>
> interface Vlan56
> no nameif
> no security-level
> no ip address
>
> CFWSM-FW/Companyxyz-Internal(config)# int vlan 56
> **** WARNING ****
> Configuration Replication is NOT performed from Standby unit to Active
> unit.
> Configurations are no longer synchronized.
> CFWSM-FW/Companyxyz-Internal(config-if)# nameif inside
> WARNING: VLAN 56 is not configured.
> ERROR: Name "inside" has been assigned to interface Vlan51
> CFWSM-FW/Companyxyz-Internal(config-if)#
>
>
>
> Regards,
>
> Akhtar



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:48 ARST