

Not able to add VLAN in 6500 - FWSM

Posted on 2011-10-11
Medium Priority
Last Modified: 2012-08-14

I am not able to create a new VLAN in the 6500 FWSM.

I did the below:
(config)#vlan 192
(config)#firewall vlan-group 1  192
(config)#firewall module 2 vlan-group 1
(config)#inter vlan 192
(config-if)#ip address
(config-if)#no shut

I am getting the below error, but the VLAN number is showing in the FWSM:

Forcing SVI 192 to stay shutdown (SVI 350 tied to line card in slot 2.)

At present my network is 10.x.x.x; now I am trying to add a 192.168.x.x VLAN.
Question by:amitabhg
LVL 43

Accepted Solution

JFrederick29 earned 2000 total points
ID: 36950253
By default, it won't allow you to have more than one SVI on the switch that is part of the Firewall VLAN group. Typically, the layer 3 interface for the VLANs resides on the FWSM (not the switch), since if the switch is routing, you can bypass the firewall.

Author Comment

ID: 36950738
Thank you very much for your reply.

I have one more doubt.
In my switch I have a couple of existing VLANs in VLAN group 1:

firewall vlan-group 1  20,30,60,80

Now I want to add one more new VLAN to this group; VLAN 192 is the new VLAN.

firewall vlan-group 1 192

Is this enough, or will it remove all the existing ones and put in this new one?

LVL 43

Assisted Solution

JFrederick29 earned 2000 total points
ID: 36950742
No, it won't remove the others, it will add 192 to the list.
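
An added example, not part of the original thread or of anyone's posted configuration: a Python check that reads a Catalyst 6500 configuration, treats repeated firewall vlan-group commands as additive (as the answer above states), and reports firewall-group VLANs that also have a layer 3 interface on the switch, which is the situation the accepted answer describes as a way around the firewall. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); addresses are placeholders.
SAMPLE_CONFIG = """\
firewall module 2 vlan-group 1,2
firewall vlan-group 1  20,30,60,80
firewall vlan-group 1  192
firewall vlan-group 2  350-351
!
interface Vlan192
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan350
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan900
 ip address 10.9.0.1 255.255.255.0
"""

def expand(spec):
    """Expand a list such as '20,30,350-351' into a set of integers."""
    ids = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def routed_firewall_vlans(config):
    """Map each firewall module to its VLANs that also have a switch SVI."""
    groups, modules, svis, current = {}, {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # any top-level line ends the interface block
        if m := re.match(r"firewall vlan-group (\d+)\s+(.+)", line):
            # Repeated commands for one group add to it (they do not replace).
            groups.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.match(r"firewall module (\d+) vlan-group\s+(.+)", line):
            modules.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.match(r"interface Vlan(\d+)$", line, re.I):
            current = int(m[1])
        elif current is not None and line.startswith("ip address "):
            svis.add(current)  # layer 3 interface on the switch itself
    report = {}
    for mod, group_ids in modules.items():
        fw_vlans = set().union(*(groups.get(g, set()) for g in group_ids))
        if hits := sorted(fw_vlans & svis):
            report[mod] = hits
    return report
```

Calling routed_firewall_vlans(SAMPLE_CONFIG) lists VLANs 192 and 350 under module 2; VLAN 900 is not reported because it is in no firewall VLAN group.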

Author Comment

ID: 36954448
Thank you very much for your quick response.
