RE: FWSM from Tomi Amao on 2009-04-06 (Ccielab archives 04/2009)

From: Tomi Amao <tomiground_at_hotmail.com>
Date: Mon, 6 Apr 2009 08:29:24 +0100

Hi,

how do you force traffic to flow through the FWSM and then through the ACE
module before hitting the application servers behind the ACE module.
Thanks.

Regards,

Tomi

> Date: Fri, 3 Apr 2009 10:00:10 -0400
> Subject: Re: FWSM
> From: m.a.cairns_at_gmail.com
> To: mousawi.ali_at_gmail.com
> CC: r.steeneken_at_gmail.com; ccielab_at_groupstudy.com
>
> Ali,
>
> Ali,
>
> VLAN 999 is not being trunked to the FWSM by the switch. Have you
configured
> anything on the switch to use vlan 999? An access port in up/up status?
> Configured the VLAN and forwarded on a trunk?
>
> Check the following command (just like checking a trunk between switches):
>
> Switch#sh firewall module 1 state
> Firewall module 1:
>
> Switchport: Enabled
> Administrative Mode: trunk
> Operational Mode: trunk
> Administrative Trunking Encapsulation: dot1q
> Operational Trunking Encapsulation: dot1q
> Negotiation of Trunking: Off
> Access Mode VLAN: 1 (default)
> Trunking Native Mode VLAN: 1 (default)
> Trunking VLANs Enabled: 4-50,122,342-344,400-699,997,998
> Pruning VLANs Enabled: 2-1001
> Vlans allowed on trunk: 4-50,122,342-344,400-699,997-998
> Vlans allowed and active in management domain:
>
4-26,28-30,32,36,39,122,342-344,401-405,410-411,415-416,418,500,600-609,997-9
98
> *Vlans in spanning tree forwarding state and not pruned:
>
>
4-26,28-30,32,36,39,122,342-344,401-405,410-411,415-416,418,500,600-609,997-9
98
> *
> Switch#
>
> Mark
> #17755, Security
>
> On Fri, Apr 3, 2009 at 2:07 AM, Ali El Moussaoui
<mousawi.ali_at_gmail.com>wrote:
>
> > firewall module 1 vlan-group 1
> > firewall vlan-group 1 999-1001,1010,1017,1018,1020,2000
> >
> > The vlan i added was 999 and it is in the vlan database. (sh vlan br)
> >
> > Ali
> >
> > On Fri, Apr 3, 2009 at 7:13 AM, Robert Steeneken <r.steeneken_at_gmail.com
> > >wrote:
> >
> > > did you put the firewall vlan group to the FWSM module?
> > >
> > > firewall module X vlan-group X,X,X
> > >
> > > On Thu, Apr 2, 2009 at 5:21 PM, Ali El Moussaoui <
> > mousawi.ali_at_gmail.com>wrote:
> > >
> > >> Hello Guys,
> > >>
> > >> I am new to this FWSM and when i configure a new vlan under "xyz"
> > context
> > >> i
> > >> see the following under sh int
> > >> "Available but not assigned from Supervisor"
> > >>
> > >> I added the vlan to the firewall vlan-group and allocated the vlan for
> > the
> > >> "xyz" context.
> > >>
> > >> what am i missing?
> > >> Ali
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
Received on Mon Apr 06 2009 - 08:29:24 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART