Re: FWSM from Mark Cairns on 2009-04-03 (Ccielab archives 04/2009)

From: Mark Cairns <m.a.cairns_at_gmail.com>
Date: Fri, 3 Apr 2009 10:00:10 -0400

Ali,

VLAN 999 is not being trunked to the FWSM by the switch. Have you configured
anything on the switch to use vlan 999? An access port in up/up status?
Configured the VLAN and forwarded on a trunk?

Check the following command (just like checking a trunk between switches):

Switch#sh firewall module 1 state
Firewall module 1:

Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 4-50,122,342-344,400-699,997,998
Pruning VLANs Enabled: 2-1001
Vlans allowed on trunk: 4-50,122,342-344,400-699,997-998
Vlans allowed and active in management domain:
4-26,28-30,32,36,39,122,342-344,401-405,410-411,415-416,418,500,600-609,997-998
*Vlans in spanning tree forwarding state and not pruned:

4-26,28-30,32,36,39,122,342-344,401-405,410-411,415-416,418,500,600-609,997-998
*
Switch#

Mark
#17755, Security

On Fri, Apr 3, 2009 at 2:07 AM, Ali El Moussaoui <mousawi.ali_at_gmail.com>wrote:

> firewall module 1 vlan-group 1
> firewall vlan-group 1 999-1001,1010,1017,1018,1020,2000
>
> The vlan i added was 999 and it is in the vlan database. (sh vlan br)
>
> Ali
>
> On Fri, Apr 3, 2009 at 7:13 AM, Robert Steeneken <r.steeneken_at_gmail.com
> >wrote:
>
> > did you put the firewall vlan group to the FWSM module?
> >
> > firewall module X vlan-group X,X,X
> >
> > On Thu, Apr 2, 2009 at 5:21 PM, Ali El Moussaoui <
> mousawi.ali_at_gmail.com>wrote:
> >
> >> Hello Guys,
> >>
> >> I am new to this FWSM and when i configure a new vlan under "xyz"
> context
> >> i
> >> see the following under sh int
> >> "Available but not assigned from Supervisor"
> >>
> >> I added the vlan to the firewall vlan-group and allocated the vlan for
> the
> >> "xyz" context.
> >>
> >> what am i missing?
> >> Ali
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 03 2009 - 10:00:10 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART