Chapter 6
Configuring Interface Parameters
Configuring Intra-Interface Communication
You can configure the FWSM to enable communication between two hosts on the same interface. Before
you can enable this feature, you must first correctly configure the MSFC so that packets are sent to the
FWSM MAC address instead of being sent directly through the switch to the destination host.
shows a network where hosts on the same interface need to communicate. The following samples show
the route-map command used to enable policy routing on the MSFC in the network shown in
Router(config)# route-map intra-inter3 permit 0
Router(config-route-map)# match ip address 103
Router(config-route-map)# set interface Vlan20
Router(config-route-map)# set set ip next-hop 10.6.34.7
Router(config)# route-map intra-inter2 permit 20
Router(config-route-map)# match ip address 102
Router(config-route-map)# set interface Vlan20
Router(config-route-map)# set set ip next-hop 10.6.34.7
Router(config)# route-map intra-inter1 permit 10
Router(config-route-map)# match ip address 101
Router(config-route-map)# set interface Vlan20
Router(config-route-map)# set set ip next-hop 10.6.34.7
Figure 6-2
Host
When you enable communication between two hosts on the same interface, keep in mind the following
requirements:
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Communication Between Hosts on the Same Interface
Vlan70
IP cloud-1
10.6.36.0
Outside NAT is not supported.
You can configure static routes from one interface to another on the same security level.
Allowing Communication Between Interfaces on the Same Security Level
Host
IP cloud-2
Vlan60
10.6.37.0
MSFC
Vlan10
10.6.35.0
SVI, Vlan20
10.6.34.0
FWSM
IP cloud-3
Host
Figure 6-2
Figure
6-2:
6-11