Cisco Security :: Configure FWSM Module In Core Switch 6500
Mar 9, 2007how to configure FWSM module in cisco core switch 6500
View 2 Replies
ADVERTISEMENT
Cisco Application :: Configure New ACE 30 Module On Top Of 6500 Core Switch
Jan 12, 2013i have configure new ACE 30 module on top of 6500 core switch , the issues am facing whenver i want to access to https://ACE_IP and after i enter the user name and the password , it's forwared me to the follwoing page: is there anything should i configure to avoid this page ?
View 1 Replies View RelatedCisco Firewall :: 6500 FWSM Module Upgrade Recommendation
Aug 24, 2011I'm looking at upgrading our FWSM modules in our 6500's. They're the WS-SVC-FWM-1 modules.
We're running on version 3.2(12) at the moment and I'm looking to jump up to 4. Any recommendations around whether I should to go to 4.1(6) or 4.0(16)? There aren't any features in particular that I would need in 4.1 but want a good stable base to sit on for 12 months until I look at this exercise all over again.
Cisco Security :: Mini Data Center Design Of 6500 With FWSM
Mar 2, 2012I have some doubts about the best solution for the design of a mini data center.In the data center there is a 6500 with FWSM module installed, there are some vlans created, all of them in the fwsm module. For example, a back end server to communicate with a server in the front end must always pass through the firewall. My question is, all these flows passing in the firewall does not degrade the speed of communication?What is the best practice, just pass the communications with the WAN in the firewall, and the vlan communication between front end and back end is only set up in 6500?
View 6 Replies View RelatedCisco Switching/Routing :: 6500 - Power Off Core Switch?
May 31, 2012we need to relocate our core switch 6500 with sup 720 to another bldg
what is the command to gracefully shut it down I mean power off
I was told one can just switch off the power
Cisco :: Flash File Location In 6500 Core Switch?
Apr 18, 2013what is location of flash file in 6500 Series switch and how can we take back of IOS image for 6500 series.
View 4 Replies View RelatedCisco WAN :: 6500 / 6513E - Filtering Core Switch Ports?
Apr 15, 2013Nowadays i have a project @ my work , the project consists of replacing our Cisco 6500 Core Switch with two other Core switches 6513E .
Is there is any tool to filter which port is connected to which server with its mac address and IP?
Cisco Firewall :: 6500 Can Shutdown Vlan1 On Switch And Still Communicate With FWSM
Jun 17, 2012It is my understanding that the FWSM for the 6500 series switches uses a 6 port Etherchannel on the backplane to communicate with the 6500 series switch.Can you shutdown vlan1 on the switch and still communicate with the FWSM? I was under the impression that you could not (although I am looking at a config with it shutdown)
View 1 Replies View RelatedCisco Switching/Routing :: 6500 - Changing VTP Mode Of A Core Switch
Oct 14, 2012We have two 6500 core switches and one(primary) of them is running in VTP transparesnt mode and the other (secondary) one is running in VTP client mode. I would like to change the VTP mode of the second switch to transparent mode. Would it cause any issue. I guess i have to create VLANs onto the switch.
View 7 Replies View RelatedCisco Switching/Routing :: Migrating Core Switch From 3750 To 6500?
Jun 5, 2013I am planning to migrate the core switch from cisco 3750 to Cisco catalysts 6513 switch. What could be the best approach to minimize the downtime or avoid disrupting the production. I have couple of thoughts, one method is to build the core and then replace the existing core, another option is to build the new switch as the second VTP server and once it recieves all the VTP information then disconnect the old server.
View 6 Replies View RelatedCisco WAN :: 3750 - Use Two Core Switch 6500 With Single Mode Fiber As Transport Equipment?
Nov 30, 2012I have a requirement to connect two 3750 switch with 10G speed between two sites with 150km distance. We will lay-out our own fiber (48 core) between two sites. I just want to consult the following:
1. Could i use two core switch 6500 with single mode fiber as a transport equipment?
2. Or i need to use SDH equipment because of the distance concern? If so do i need a repeater?Could i use Cisco Metro Core ONS, which one?
3. Any other option to achieve this requirement?
Cisco Application :: Possible To Modify Configure With Snmp On Ace Module Like Others 6500 Catalyst
Apr 12, 2012Is it possible to modify conf with snmp on ace module like others 6500 catalyst ?Is ace answer to snmpset cmds ?
View 1 Replies View RelatedCisco Security :: WS-C3560X-24 Needs To Be Connected With Another Core Switch
Dec 5, 2012I got new task moving WS-3560X24 port layer 3 core switch from one branch to be moved to my branch and connect WS3560 layer 3 core switch my site network. Both core switch has got 3-4 cisco 2960 switch underneath and lots of vlan offcourse. I am thinking about creating etherchannel between these two switch.
View 2 Replies View RelatedCisco Switching/Routing :: 6500 Ping Packet Drop From Core-Switch To Directly Connected Server
Oct 24, 2011I have an Cisco 6500 CS and there is a Cisco Unified Communication Manger Server connected directly to the Core Switch.I tried to change duplex and speed ( fix and auto ) for both sides, but the same problem.
View 9 Replies View RelatedCisco Switching/Routing :: Any Challenge To Upgrade Core Switch 6500 Series From Nexus 7009 Which Runs NxOS
Jan 28, 2013Is there any challenge to upgrade core switch 6500 series from Nexus 7009 which runs NxOS, because i have 3750X series switches connected at distribution and access layer in my network topology??
Is there any challenge if we place NxOS in core and IOS in distribution and Access layer??? how we are able to match sh run config in existing 6500 switch to Nexus 7009 NXOS?
Cisco Switching/Routing :: How To Configure 1 Core Switch 4500
Jun 2, 2013i configure the uplinks as etherchannel, i configure two svi interface on core switch int vlan 51(192.168.51.1) and int vlan 50(192.168.50.0) for this two svi int i configured two dhcp pool , when any of the pc is requesting for dhcp add i am getting dhcp request failed/
View 7 Replies View RelatedCisco Security :: 3560 - Configure Encryption With MACsec Switch To Switch?
Jun 28, 2012I have a problem, i would like todo MACSEC betwwen two switches cisco catalyst 3560-x but I know that for this operation i needed ACS server 5.1 is it possible to encryp dataflow without ACS server and if you have the configuration
View 7 Replies View RelatedCisco Switching/Routing :: 1941 Port-Security With Router Switch Module
Feb 29, 2012I have a 1941 that I am going to deploy with a HWIC-D-9ESW switch module (I only need 3 switch ports but need the PoE). I am going to hang a 1262 autonomous AP off one of the ports but I need to configure MAC address port-security so that only that AP can pass traffic. I know the switch modules are 'almost' exactly like a switch for commands but I can't seem to enable or configure any port-security settings. Is port-security no available on the switch modules?
View 3 Replies View RelatedCisco :: Module In CW To Get MAC Address And IP Address Of All Switch Ports On 6500
Oct 13, 2009Is it possible using any module in CW to get the MAC address and IP address of all switchports on a 6500?
View 6 Replies View RelatedCisco Switching/Routing :: 6500 Configure Switch Layer 3 Port Connected To Firewall
Feb 26, 2012I have a switch layer 6500 series connected to a firewall, the port configuration between them is layer 2, in another words I do not configure an IP address in the Cisco switch port to conected it in the firewall, but when a apply a policy on firewall it lose communication with others vlans, just the vlan that is connected between the switch and firewall works, attachment the design. I think that is necessary to configure the connection between the firewall and switch as layer 3 ( a port with IP address in the switch), but I would like to know why? The switch is configured with about 10 vlan and it is a inter vlan routing, a default route is configured in the switch where the gateway is the firewall.
View 5 Replies View RelatedCisco WAN :: 2960 To Configure Switch Port Security
Apr 7, 2012we are using 2960 cisco switch asn we are trying to configure port security.we are able to configure MAC base port security, but unbale to configure IP base port security.can any one guide us can do IP base port security like MAC port security. if not which switch will support IP and Mac base port security.
View 6 Replies View RelatedCisco Switching/Routing :: Catalyst 6513 - FWSM Module Configuration
Dec 20, 2007My company has acquired a Catalyst 6513 with a FWSM module installed on it. I have been reading lot of documentation on [URL], but still have some problems configuring the FWSM:
The 6513 has 10 SVIs configured, each of them with an IP address. These 10 SVIs are binded to 10 VLANs which I need to secure. These SVIs are used for routing all the Inter-VLAN traffic inside the switch. The documentation says it is recommended to use just one SVIs for connecting the switch to the FWSM, although you can use more than one using the command "firewall multiple-vlan-interfaces". I don't want to use this command because it seems a pretty more difficult configuration, since you have to use policy routing after using this command (or that is, at least, what documentation says).
When I try to "send" to the FWSM more than one VLAN that are configured as SVIs on the switch I get this error message:
"No more than one svi is allowed, command rejected."
If I delete the IP address of those SVIs, then I can to "send" those SVIs to the switch with no problem at all. But I need the SVIs to have IP address configured, since they are needed for routing Inter-V LAN traffic.
So, the question is: how can I route all the inter-VLAN traffic using just one SVI on the switch? Should I use the FWSM for inter-VLAN traffic routing?
Cisco Firewall :: 6509 - Replacing Faulty FWSM Module In Cluster
Apr 15, 2013We have a faulty FWSM module in Cisco 6509 switch in Active/Standby cluster mode
We have purchased a refurbished FWSM module to replace it. It has the same FWSM OS 4.0 (4) and is in factory default configuration
What procedures should I follow to make this unit live and sync the config between the current active unit to this one.
Cisco Firewall :: 6500 - FWSM And ACE S/W Compatibility
Aug 14, 2011We have a pair of 6500s with Sup720 running 12.2(33)SXI3. Each has an ACE-20 (s/w A2(2.0)) and FWSM (s/w v3.2(15)). We have reached a limit on the number of rules we can configure on the FWSM, and have determined that we shall upgrade to 4.1(5), with ASDM to 6.2(2)F. A question has been raised regarding the s/w on the ACE-20 modules. Do we need to upgrade them as well?
View 2 Replies View RelatedCisco Firewall :: FWSM Reset With 6500
Feb 3, 2012I have had a strange issue with a pair of FWSM's in 2 6500's, it seems there was a failover but both module's have been reset.
CAT1
Feb 03 17:08:46.525: %SNMP-5-MODULETRAP: Module 8 [Down] Trap Feb 03 17:08:46.522: SP: The PC in slot 8 is shutting down. Please wait ...Feb 03 17:09:01.525: SP: shutdown_pc_process:No response from module 8 Feb 03 17:09:11.382: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set off (Reset) Feb 03 17:10:56.093: %DIAG-SP-6-RUN_MINIMUM: Module 8: Running Minimal Diagnostics...Feb 03 17:10:59.796: %SVCLC-5-FWVTPMODE: VTP
[Code]...
Cisco Firewall :: 6500 - FWSM Linux
Dec 20, 2012We run a 6500 with an FWSM with multiple security contexts as well as cascading contexts with a "shared V LAN" . There is a problem with regards to Linux machines and our shared network.
For example, we have three Linux machines in production, each in three separate V LAN's. For me to communicate to these boxes from one V LAN to another I must first ping the server. If I do not ping the server it will not bring up a connection like ssh or HTTP, etc. Below is the error I get from the FWSM that hosts the Linux server, but like I said once I ping the server the error goes away. We only have this problem with Linux machines, and it is a problem for all three of them. Is the FWSM having issues understanding something with all three Linux boxes? Below is the error I get at first, when I try to SSH from one V LAN to another V LAN with the Linux machine.
6 Dec 21 2012 16:33:54 106015 10.255.12.109 22 10.255.1.30 63000
Deny TCP (no connection) from 10.255.12.109/22 to 10.255.1.30/63000 flags SYN ACK on interface inside.
Below is what happens when I initiate a ping to the Linux Server and then ssh again. Notice it builds the connection with no problem after the ping. During the ping it builds the dynamic translation, and then when I ssh it builds the TCP connection. Do you know why this could be?
6 Dec 21 2012 16:35:08 305009 10.255.12.109 10.255.12.109
[Code]....
Cisco Switching/Routing :: 6509 VSS Implementation As A Service Module Core
Jun 8, 2011I m planning to implement VSS in core but want some inputs on IOS as i have FWSM as a service module Core :- Ii am running 12.2(33)SXH2a on my Core 6509 and i checkd cisco sites and Fwsm release notes but it states only I-Train of IOS while mine is H-Train so can I directly upgrade to I-Train or I was thinking of SXH8b IOS.
View 2 Replies View RelatedCisco Firewall :: Catalyst 6509E / Migrating From FWSM To ASA Service Module (ASASM)?
Jun 6, 2013I'm migrating from a failover pair of FWSM modules across to a failover pair of ASA Service Modules. In order to avoid a "big bang" switchover I intend to migrate subnets from one to the other over a protracted period.With that in mind, whether there is any restriction on having FWSM and ASASM modules in the same chassis? A trawl of the relevant documentation hasn't revealed anything.In this specific case it is Catalyst 6509E VSS chassis pairs with Sup-2T.
View 1 Replies View RelatedCisco Firewall :: 6500 - FWSM With Multiple Connections?
Aug 29, 2012There is a 6500 switch with fwsm. We have extended 2 vlans from the ISP into the FWSM. Also there are atleast 10 other vlans for our internal network. We would like say half of the internal vlans to go out of the 1st ISP vlan and the remaining half from the 2nd ISP vlan. Is there a way we can do this in the FWSM?
View 2 Replies View RelatedCisco Firewall :: Fail Context From One FWSM Over To Other 6500
Oct 23, 2012Firstly is this the right forum to post threads about FWSM's. We have 2 FWSM's in two seperate 6500 switches. There are a number of contexts on each FWSM.I want to fail a context from one FWSM over to the other 6500 and FWSM. Can you tell me how I can do that? Do I need to do it in the admin context and do I need to do it on the admin context of each 6500?
View 7 Replies View RelatedCisco Firewall :: 6500 - Introducing ASA Into Setup Instead Of Using FWSM
Jan 3, 2013We are thinking of introducing ASA's into our setup instead of using FWSM for our firewalls with our 6500. Currently we use multiple contexts with the FWSM, as we provide hosting services for multiple clients and want them behidn their own firewall. My question is how can we make this happen with an ASA. Since with the FWSM we use the backplane of the 6500 and SVI's for all interfaces between them. For example if we have 20 clients what will be the ideal setup for us to use with an ASA. If we can infact use mutiple contexts how can we? Is there a way we can maybe bundle all the ports in the ASA into the 6500 as a layer two trunk port and continue to use SVIs to manage all the clients.
View 3 Replies View RelatedCisco Firewall :: 6500 Admin Context On FWSM
Dec 3, 2012I have just joined a networks team and will be working on two fwsm versions 4.0(8) in two 6500 routers. Now the fwsms seem to be virtualised with multiple contexts. The server team want a new context setup for a group of servers behind a vlan. [code]
This context just seems to have two Vlans and a BVI interface. What is the function of this context and why we have 2 admin contexts?
Also another important question is on which 6500 do I create the new context? Is the admin context active on one 6500 just like other contexts and will sync across or do I have to create the new context on both 6500s.
Cisco Firewall :: 6500 FWSM Vlan Interface
Jan 29, 2012Is it possible for me to create 2 vlan interfaces on the 6500 and have them both in the same subnet?
For a specific customer requirement I would like to have a vlan interface on the 6500 as default gateway, sat in it's own vrf, and then route all traffic inbound and outbound to this vlan through the FWSM interface, preferably in the same subnet. I don't think this will be possible so just looking for confirmation either way.
As I will be running EIGRP between a pair of central 6500's and 2 remote offices it will make things much easier for me advertise the connected FWSM interfaces in to EIGRP for access in/out of all my VRF'd subnets. If I need another subnet for each VRF FWSM next hop then I'll have to reditribute a list of statics which I don't really want to do.
The reason I am not just using the FWSM as gateway is because I need to run HSRP across 3 different devices (another 6500 in a second suite), and failover FWSM will only give me 1 level of redundancy for those gateways.