Chapter 6
Configuring Interface Parameters
•
Guidelines and Limitations
See the following guidelines for configuring an interface:
Multiple Context Mode Guidelines
•
•
•
•
VLAN ID Guidelines
You can add any VLAN ID to the configuration, but only VLANs that are assigned to the FWSM by the
switch can pass traffic. To view all VLANs assigned to the FWSM, use the show vlan command.
If you add an interface for a VLAN that is not yet assigned to the FWSM by the switch, the interface will
be in the down state. When you assign the VLAN to the FWSM, the interface changes to an up state. See
the show interface command for more information about interface states.
Failover Guidelines
If you are using failover, do not use this section to name interfaces that you are reserving for failover and
Stateful Failover communications. See
state links.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Separate management interface—The management interface is not part of any bridge group. This
interface is especially useful in multiple context mode where you can share a single management
interface across multiple contexts.
See the following guidelines for the management interface:
–
You can have only a single management interface in single mode or per context. Note that some
contexts can use one interface while others can use a different interface, so long as each context
only uses one management interface each.
The management interface IP address can be on a separate network from any bridge group
–
networks, or can be on the same network as a bridge group network.
If you share the interface across multiple contexts, then the interface IP address must be on the
–
same network in each context.
You can only share the management VLAN across multiple transparent contexts; you cannot
–
also share this VLAN with a routed context.
You can only configure context interfaces that you already assigned to the context in the system
configuration using the allocate-interface command.
All allocated interfaces are enabled by default, no matter what the state of the interface is in the
system execution space. However, for traffic to pass through the interface, the interface also has to
be enabled in the system execution space. If you shut down an interface in the system execution
space, then that interface is down in all contexts that share it.
Configure the context interfaces from within each context.
Configure failover interfaces in the system configuration; do not configure failover interfaces with
this procedure. See
Chapter 14, "Configuring Failover,"
Configuring Interfaces for Transparent Firewall Mode
for more information.
Chapter 14, "Configuring Failover,"
to configure the failover and
6-5