Do a "show vlan" on the switch on the system context and see if it shows up
there. If not, you may have to bounce the FWSM. I've seen where new VLANs
added to FWSMs and ACEs via FW or SVCLC groups don't take effect w/o a
bounce to the service module.
Charles
From: Mark Cairns <m.a.cairns_at_gmail.com>
To: Ali El Moussaoui <mousawi.ali_at_gmail.com>
Cc: Robert Steeneken <r.steeneken_at_gmail.com>, Cisco certification <ccielab_at_groupstudy.com>
Date: 04/03/2009 09:04 AM
Subject: Re: FWSM
Ali,
VLAN 999 is not being trunked to the FWSM by the switch. Have you configured
anything on the switch to use vlan 999? An access port in up/up status?
Configured the VLAN and forwarded on a trunk?
Check the following command (just like checking a trunk between switches):
Switch#sh firewall module 1 state
Firewall module 1:
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 4-50,122,342-344,400-699,997,998
Pruning VLANs Enabled: 2-1001
Vlans allowed on trunk: 4-50,122,342-344,400-699,997-998
Vlans allowed and active in management domain:
4-26,28-30,32,36,39,122,342-344,401-405,410-411,415-416,418,500,600-609,997-998
*Vlans in spanning tree forwarding state and not pruned:
4-26,28-30,32,36,39,122,342-344,401-405,410-411,415-416,418,500,600-609,997-998
*
Switch#
Mark
#17755, Security
On Fri, Apr 3, 2009 at 2:07 AM, Ali El Moussaoui <mousawi.ali_at_gmail.com> wrote:
> firewall module 1 vlan-group 1
> firewall vlan-group 1 999-1001,1010,1017,1018,1020,2000
>
> The vlan I added was 999 and it is in the vlan database. (sh vlan br)
>
> Ali
>
> On Fri, Apr 3, 2009 at 7:13 AM, Robert Steeneken <r.steeneken_at_gmail.com> wrote:
>
> > Did you put the firewall vlan group to the FWSM module?
> >
> > firewall module X vlan-group X,X,X
> >
> > On Thu, Apr 2, 2009 at 5:21 PM, Ali El Moussaoui <mousawi.ali_at_gmail.com> wrote:
> >
> >> Hello Guys,
> >>
> >> I am new to this FWSM and when I configure a new vlan under "xyz" context I
> >> see the following under sh int
> >> "Available but not assigned from Supervisor"
> >>
> >> I added the vlan to the firewall vlan-group and allocated the vlan for the
> >> "xyz" context.
> >>
> >> What am I missing?
> >> Ali
Received on Fri Apr 03 2009 - 15:20:09 ART
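
An added example, not part of the original thread and not Cisco tooling: a Python sketch of the check Mark describes, comparing the VLANs in a "firewall vlan-group" line against the trunk fields of "show firewall module 1 state". The sample output values and the names expand, field and check are constructed for illustration.

```python
import re

# Constructed sample: field labels follow the output quoted in the thread;
# the VLAN values are invented for illustration.
GROUP_CFG = "firewall vlan-group 1 999-1001,1010,1017,1018,1020,2000"
SAMPLE_STATE = """Firewall module 1:
Switchport: Enabled
Operational Mode: trunk
Vlans allowed on trunk: 1000-1001,1010,1017-1018,1020,2000
Vlans allowed and active in management domain:
1000-1001,1010,1017-1018,1020
Vlans in spanning tree forwarding state and not pruned:
1000-1001,1010,1017-1018
"""

# Checked in order; a VLAN is reported at the first stage where it is absent.
STAGES = [
    ("Vlans allowed on trunk", "not allowed on trunk"),
    ("Vlans allowed and active in management domain",
     "not active in management domain"),
    ("Vlans in spanning tree forwarding state and not pruned",
     "not in spanning tree forwarding state"),
]

def expand(vlan_list):
    """Expand an IOS VLAN list such as '4-50,122,997-998' into a set of ints."""
    vlans = set()
    for part in vlan_list.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def field(output, label):
    """VLAN set after 'label:'; the list may sit on the same or the next line."""
    m = re.search(re.escape(label) + r":[ \t]*\n?[ \t]*([\d,\-]+)", output)
    return expand(m.group(1)) if m else set()

def check(group_cfg, state_output):
    """Return {vlan: status} for every VLAN in the firewall vlan-group line."""
    result = {}
    for vlan in sorted(expand(group_cfg.split(None, 3)[3])):
        result[vlan] = next((why for label, why in STAGES
                             if vlan not in field(state_output, label)), "ok")
    return result

if __name__ == "__main__":
    for vlan, status in check(GROUP_CFG, SAMPLE_STATE).items():
        print(vlan, status)
```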