16.1.2 is assigned, which will be used as the default gateway on the FWSM. Only one SVI is
created on the router for VLAN 101. (Do not configure an SVI for VLAN 10, 20, or 30: doing so enables inter-VLAN
routing on the router, which lets traffic pass around the FWSM and thereby bypass it.) For this security reason, by
default, only one SVI can exist between the router and the FWSM. Continue the configuration on the FWSM side.
Corresponding VLANs are mapped with the nameif command, and IP addresses are assigned accordingly.
Figure 6-24. Configuring FWSM Basic Setup
Note
The examples shown in this chapter are based on Cisco IOS Software output only. Refer to Cisco
documentation for CatOS (Hybrid mode).
Use the show firewall vlan-group command to view the group configuration and the show firewall module
command to view VLAN group numbers for all modules.
After the basic configuration is finished, as shown in Figure 6-24, the FWSM can be managed in much the same way
as the PIX firewall. Firewall features such as mode (routed or transparent), single or multiple contexts,
network address translation, IP routing, failover, and all other firewall functions are more or less similar and are
configured in the same way as on the PIX firewall, as shown in earlier sections.
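The SVI warning above can be checked against a saved switch configuration. The following Python audit is an added example, not taken from the book or from Cisco: it lists routed SVIs that sit on VLANs handed to the FWSM and flags more than one as a bypass path. The sample configuration, slot and group numbers, and addresses are constructed; `firewall multiple-vlan-interfaces`, the IOS command that lifts the one-SVI default, is not named on this page.

```python
import re

# Constructed sample config (not from the book); slot, group and addresses are assumptions.
SAMPLE_CONFIG = """\
firewall module 4 vlan-group 1
firewall vlan-group 1 10,20,30,101
!
interface Vlan101
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan20
 ip address 192.0.2.129 255.255.255.128
!
interface Vlan200
 ip address 198.51.100.1 255.255.255.0
"""

def expand_vlans(spec):
    """Expand an IOS number list such as '10,20-22,101' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_fwsm_svis(config):
    """Return (routed SVIs on firewall VLANs, multiple-SVI override present)."""
    # Collect the VLAN groups attached to any FWSM, then the VLANs they carry.
    attached = set()
    for m in re.finditer(r"^firewall module \d+ vlan-group (\S+)", config, re.M):
        attached |= expand_vlans(m.group(1))
    fw_vlans = set()
    for m in re.finditer(r"^firewall vlan-group (\d+) (\S+)", config, re.M):
        if int(m.group(1)) in attached:
            fw_vlans |= expand_vlans(m.group(2))
    # An SVI matters here only if it has an IP address, that is, it can route.
    svis = set()
    for m in re.finditer(r"^interface Vlan(\d+)\n((?:[ \t].*\n?)*)", config, re.M):
        if re.search(r"^\s+ip address ", m.group(2), re.M):
            svis.add(int(m.group(1)))
    multiple = bool(re.search(r"^firewall multiple-vlan-interfaces", config, re.M))
    return sorted(svis & fw_vlans), multiple

def bypass_risk(config):
    """True when the router can route between firewall VLANs around the FWSM."""
    svis, _ = audit_fwsm_svis(config)
    return len(svis) > 1

if __name__ == "__main__":
    print(audit_fwsm_svis(SAMPLE_CONFIG), bypass_risk(SAMPLE_CONFIG))
```

In the sample, VLAN 200 is ignored because it is not in a firewall VLAN group, while the SVI on VLAN 20 is reported alongside the intended one on VLAN 101.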