This section describes how to assign VLANs to the FWSM. The FWSM does not include external
physical interfaces. Instead, it uses VLAN interfaces. Assigning VLANs to the FWSM is similar to assigning a
VLAN to a switch port, in that the FWSM includes an internal interface to the Switch Fabric Module (if present) or
the shared bus.
Perform the following basic steps to initialize the FWSM:
Step 1. Define the VLANs in the switch VLAN database and assign the VLANs to switch ports.
Step 2. Assign (push) the VLANs to the FWSM by using the firewall vlan-group command, and assign the
firewall group to the FWSM by using the firewall module command.
Step 3. Create a Switched Virtual Interface (SVI) on the MSFC.
Step 4. On the FWSM, use the nameif command to assign the SVI to the corresponding FWSM interface,
and assign an IP address on the FWSM interfaces using the ip address command.
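The four steps as one configuration sketch, added here as an illustration and not taken from the original text. It uses the VLAN numbers, firewall group 1 and slot 5 from the Figure 6-24 description. The switch port, the interface names and security levels, and all IP addresses (documentation ranges) are constructed assumptions, and the FWSM lines assume the older PIX-style nameif syntax; later FWSM releases configure nameif under an interface vlan block instead.

```cisco
! ----- Catalyst switch (supervisor / MSFC) -----
! Step 1: define the VLANs in the VLAN database
vlan 10,20,30,101
!
! Step 1 (continued): place a switch port in one of the VLANs
! (GigabitEthernet1/1 is a hypothetical port)
interface GigabitEthernet1/1
 switchport
 switchport mode access
 switchport access vlan 10
!
! Step 2: put the VLANs in firewall VLAN group 1,
! then assign group 1 to the FWSM in slot 5
firewall vlan-group 1 10,20,30,101
firewall module 5 vlan-group 1
!
! Step 3: create the SVI on the MSFC for VLAN 101
! (192.0.2.1 is a constructed placeholder address)
interface Vlan101
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! ----- FWSM -----
! Step 4: name each VLAN interface and give it an address
! ("outside"/"inside" and the security levels are assumptions)
nameif vlan101 outside security0
nameif vlan10 inside security100
ip address outside 192.0.2.2 255.255.255.0
ip address inside 198.51.100.1 255.255.255.0
```

Only VLAN 101 has an SVI on the MSFC in this sketch; giving the MSFC an SVI on the other firewall VLANs as well would let it route between them without the traffic passing through the FWSM.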
Figure 6-24 shows an example of how to set up a basic firewall configuration with the router on the outside. The
example creates four VLANs on the switch (VLAN 10, 20, 30, and 101), assigns the VLANs to the firewall VLAN
group 1, and assigns group 1 to the FWSM in slot 5. VLAN 101 is the SVI created on the router, and the IP
address 172.