Can a FWSM route between 802.1q VLANs?

Discussion in 'Cisco' started by Hoffa, Aug 14, 2006.

  1. Hoffa

    Hoffa Guest

    Greetings

    I'm currently investigating possible configurations of a Cisco 6500
    with MSFC and a newly installed FWSM. The MSFC is currently configured
    mainly for routing between some 802.1q VLANS on our internal network
    with the use of SVIs for the seperate VLANs and subnets.

    My idea is to configure the MSFC as being outside of the FWSM as
    indicated by the various documentations for the FWSM. This will remove
    the MSFC from the VLAN routing task, however I still want to route and
    restric the access between the different VLANs.

    When managing a previous company network I used a Pix 515 to route
    between 802.1q VLANs but I'm unable to find some direct information how
    this is done with the FWSM. My guess is that this is a simple thing
    since you assing VLANs on the 6500 as interfaces on the FWSM but I
    still have to be 100% sure.


    I would appreciate if anyone could provide me with some clarity on
    this. Also if any additional information is needed please let me know

    Regards
    Fredrik Hofgren
     
    Hoffa, Aug 14, 2006
    #1
    1. Advertisements

  2. Hoffa

    Camilo Guest

    Hoffa,

    You would have to configure the different vlans as inside vlans in the
    FWSM. To route between the inside vlasn you would have to choose
    between allow communication between vlans in the same security level or
    provide ACLs for the communications between them.

    Camilo
     
    Camilo, Aug 16, 2006
    #2
    1. Advertisements

  3. Hoffa

    Hoffa Guest

    About the same setup as I have used with a PIX 515 before. Good to know
    Thank you for the answer.

    Regards
    Fredrik Hofgren


    Camilo skrev:
     
    Hoffa, Aug 16, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.