2-12
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 2 Configuring the Switch for the Firewall Services Module
Managing the Firewall Services Module Boot Partitions
Assigning VLANs to the Secondary Firewall Services Module
Because both units require the same access to the inside and outside networks, you must assign the same
VLANs to both FWSMs on the switch(es). See the “Assigning VLANs to the Firewall Services Module”
section on page 2-2.
Adding a Trunk Between a Primary Switch and Secondary Switch
If you are using inter-switch failover (see the “Module Placement” section on page 15-4), then you need
to configure an 802.1Q VLAN trunk between the two switches. The trunk should have the following
characteristics:
• The trunk must carry all firewall VLANs, including the failover and state VLANs.
• Because this trunk also accommodates FWSM traffic when a module fails, this trunk should be at
least as large as the maximum amount of traffic you expect to be inspected by the FWSM. The
FWSM has an internal 6-Gbps EtherChannel to the switch, so if the FWSM runs at full capacity, the
trunk between the two devices needs to include at least six 1-Gbps interfaces. EtherChannel
aggregates the bandwidth of up to eight compatibly configured ports into a single logical link. If you
do not have the ports to spare, you can create a smaller trunk; however, you might experience
decreased performance.
• The trunk should have QoS enabled so that failover VLAN packets, which have the CoS value of 5
(higher priority), are treated with higher priority in these ports.
To configure the EtherChannel and trunk, see the documentation for your switch.
Ensuring Compatibility with Transparent Firewall Mode
To avoid loops when you use failover in transparent mode, use switch software that supports BPDU
forwarding. Catalyst operating system software release 8.2(1) and Cisco IOS software Release
12.2(17)SXA allow BPDUs automatically.
Managing the Firewall Services Module Boot Partitions
This section describes how to reset the FWSM from the switch, and how to manage the boot partitions
on the Compact Flash card. This section includes the following topics:
• Flash Memory Overview, page 2-13
• Setting the Default Boot Partition, page 2-13
• Resetting the FWSM or Booting from a Specific Partition, page 2-13
To Next Page
Loading...
Need help?
General