2-5
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 2 Configuring the Switch for the Firewall Services Module
Adding Switched Virtual Interfaces to the MSFC
Assigning VLANs in Catalyst Operating System Software
In Catalyst operating system software, you assign a list of VLANs to the FWSM. You can assign the
same VLAN to multiple FWSMs if desired.
To assign VLANs to the FWSM, enter the following command:
Console> (enable) set vlan
vlan_list
firewall-vlan
mod_num
The vlan_list can be one or more VLANs (1 to 1000 and from 1025 to 4094) identified in one of the
following ways:
• A single number (n)
• A range (n-x)
Separate numbers or ranges by commas. For example:
5,7-10,13,45-100
Note Routed ports and WAN ports consume internal VLANs, so it is possible that VLANs in the 1020-1100
range might already be in use.
This example shows a typical configuration:
Console> (enable) set vlan 55-57
Console> (enable) set vlan 70-85
Console> (enable) set vlan 100
Console> (enable) set vlan 55-57,100
firewall-vlan
5
Console> (enable) set vlan 70-85,100
firewall-vlan
8
To view the VLANs assigned to the FWSM, enter the following command:
Console> show vlan firewall-vlan 5
Secured vlans by firewall module 5
55-57, 100
Adding Switched Virtual Interfaces to the MSFC
A VLAN defined on the MSFC is called a switched virtual interface (SVI). If you assign the VLAN used
for the SVI to the FWSM (see the “Assigning VLANs to the Firewall Services Module” section on
page 2-2), then the MSFC routes between the FWSM and other Layer 3 VLANs.
This section includes the following topics:
• SVI Overview, page 2-6
• Configuring SVIs for Cisco IOS Software on the Supervisor Engine, page 2-8
• Configuring SVIs for Catalyst Operating System Software on the Supervisor Engine, page 2-9
To Next Page
Loading...
Need help?
General