Cisco Catalyst 6500 Series Firewall Services Module Troubleshooting Guide

Overview
These steps instruct you in the configuration, upgrade, and replacement of the FWSM. The steps are explained
in further detail in the remaining sections of this document.
1. Define a separate VLAN as a firewall VLAN (remove the old firewall VLAN definitions) on the
   switch with the replacement FWSM.
2. Plug a PC into the Catalyst 6000 and assign the switch port to the same VLAN that you just defined.
3. Session to the FWSM and enable an interface.
4. Use the PC as a TFTP server to download the software. Ensure that you use the same version of code
   as the current Active device.
5. Configure basic failover settings on the FWSM and restore the old firewall VLANs and the failover
   interface (remove the interface configured for TFTP). At this time, configuration replication occurs
   and the FWSM becomes the backup.
Upgrade the FWSM Code
In order to run failover, the two FWSMs must run the same version of code. In the case that the RMA'd
FWSM does not come with the same version of code as the active firewall, complete these steps in order to
upgrade.
Download FWSM software (registered customers only) to your TFTP server.
Enable a New Switch VLAN that is not Currently in Use
Complete these steps:
1. Add the VLAN to the switch.
   The VLAN cannot be a reserved VLAN.
   ♦ Use the vlan vlan_number command to add the VLAN if you run Cisco IOS® software on
     the switch.
   ♦ Use the set vlan vlan_number command to add the VLAN if you run Catalyst Operating
     System software on the switch.
2. Assign the VLAN to the switch port to which you plan to connect the PC.
   ♦ Enter these commands in order to assign a VLAN to a port, using Cisco IOS software:
       router(config)#interface type slot/port
       router(config-if)#switchport
       router(config-if)#switchport mode access
       router(config-if)#switchport access vlan vlan_id
   ♦ Enter this command in order to assign a VLAN to a port, using Catalyst Operating System
     software:
       set vlan vlan_number mod/ports
3. Copy the old firewall commands to Notepad in order to back them up. Next, remove and then replace
   them by substituting the VLAN defined in steps 1 and 2.