[c-nsp] FWSM Deployment

Voll, Scott Scott.Voll at wesd.org
Thu Apr 12 11:33:02 EDT 2007


1.  Use the documentation as to the placement.  Sup720s on a 6509 go in
slots 5 and 6.  About where the FWSM has to go... mine's in slot 2.

2.  On the 6509 you have it.  

firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500
firewall vlan-group 2  x,y,z,AA,BB
firewall vlan-group 500  A,B,C,xx,yy,zz

3.  One SVI is used as the VLAN to interact with the FWSM.

I.e., VLAN 100 is used on both the MSFC and the FWSM; this VLAN is how all
traffic goes from one to the other.

The only other requirement is that the VLANs are set up on the sup and
passed to the FWSM.  

The FWSM has all the "SVI" interfaces for the VLANs you pass.  

Behind vs in front is based on network topology.

Hope that helps.

Scott

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark Tohill
Sent: Wednesday, March 14, 2007 4:32 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] FWSM Deployment

Hi,
 
We have 2 x 6500's with single Sup720's running native IOS 12.2(18)SXF4
and intend to deploy the FWSM running 3.2 software.
 
Despite the 3.2 configuration guide being fairly good at describing the
placement of MSFC with regard to FWSM etc., can anyone help regarding
the following:
 
1. Placement of FWSM with regard to MSFC, the pros and cons.
2. In a routed single-context mode, what is the requirement to getting
traffic to the blade, above and beyond the firewall 'vlan-group
<firewall-group> <vlan-range>' and 'firewall module <module> vlan-group'
commands?
3. What exactly dictates whether the FWSM is in front of or behind the
MSFC? Is it the order of the VLAN IDs?
 
I'm confused. Any help appreciated.
 
Thanks,
Mark
 
Mark Tohill
UTV Internet
E: mark at u.tv
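
An added example, not part of the thread: a small audit that reads a supervisor config, expands the `firewall vlan-group` lists handed to each FWSM, and reports which of those VLANs also have an SVI on the MSFC, since the reply describes a single shared VLAN as the path between the two. The sample config, VLAN numbers, addresses and the function names `expand` and `audit` are constructed for illustration.

```python
import re

# Constructed sample of a supervisor config (VLAN numbers are illustrative).
SAMPLE = """\
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500
firewall vlan-group 2  100,200-202
firewall vlan-group 500  300,310
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
interface Vlan201
 ip address 10.0.201.1 255.255.255.0
interface Vlan900
 ip address 10.0.9.1 255.255.255.0
"""

def expand(spec):
    """Expand a list such as '100,200-202' into {100, 200, 201, 202}."""
    out = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Per FWSM module: VLANs passed to it, and those that also have an SVI."""
    groups, assigned, svis, multi = {}, {}, set(), False
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "firewall multiple-vlan-interfaces":
            multi = True
        elif m := re.fullmatch(r"firewall vlan-group (\d+)\s+(\S+)", line):
            groups.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.fullmatch(r"firewall module (\d+) vlan-group (\S+)", line):
            assigned.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.fullmatch(r"interface Vlan(\d+)", line, re.I):
            svis.add(int(m[1]))
    report = {}
    for module, gids in assigned.items():
        fw_vlans = set().union(*(groups.get(g, set()) for g in gids))
        shared = sorted(fw_vlans & svis)
        # More than one shared SVI means the MSFC is attached to several
        # firewall VLANs; check it cannot route between them around the FWSM.
        report[module] = {"fwsm_vlans": sorted(fw_vlans), "shared_svis": shared,
                          "multi_svi_enabled": multi, "review": len(shared) > 1}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```
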
 