[c-nsp] traffic flow in 6500 switch with FWSM and MPLS VPN

Ramcharan, Vijay A vijay.ramcharan at verizonbusiness.com
Fri Nov 16 09:19:37 EST 2007


Vikas, I've found it immensely helpful to think of the FWSM as a
separate device (as in PIX) that is just connected to the switch by
means of the associated VLANs rather than physical cables. In my early
experience with the FWSM I had trouble separating the FWSM from the
switch when thinking of traffic flow. 

Whatever layer 3 config you have on the switch as such, won't be
associated with the FWSM and will work if you consider the FWSM as just
another next hop. There are probably scenarios where this may not hold
true but I have not run into one of those as yet. 
 
Vijay Ramcharan 
 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
Sent: Friday, November 16, 2007 5:56 AM
To: cisco-nsp
Subject: Re: [c-nsp] traffic flow in 6500 switch with FWSM and MPLS VPN

On Fri, 2007-11-16 at 12:28 +0530, Vikas Sharma wrote:
> The link shows me the option of configuring multiple SVIs but my
>  question is if I assigned these vlans to VRF created on 6509, will
>  fwsm understand this?

I don't know if it depends on HW/Supervisor/IOS, but yes, you can put
your local SVI's in VRF's. We have a setup with a Cat6506E with Sup32
running IOS 12.2(18)SXF6 with VRF-enabled SVI's in firewall vlan-groups.

Technically I don't think the FWSM cares whether the interface is
VRF-enabled or not. It just sees some ethernet traffic on some VLANs. But
test it first. :-)

Regards,
Peter Rathlev

