1. cisco7609#show module  显示FWSM模块的状态
    cisco7609#session slot 3 p 1        登陆到第3槽位的FWSM,Ctrl-^后,x,表示退出,或exit推出,enable进入
  2. Lisence激活: 第一次进入FWSM,需要激活:
    登陆[url]www.cisco.com/go/license[/url] ,通过产品授权key申请activation key
    hostname(config)#activation-key 0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e        完成激活
    FWSM#SH VER 察看激活情况,可以看到security contexts 被激活的个数
  3. FWSM可以插在65或者76的任意一个交换槽位
  4. inside到outside也要有ACL permit
  5. FWSM2.1开始支持same security traffic communication
  6. FWSM和65背板有6G的带宽
  7. 默认FWSM只能有一个VLAN和MSFC关联,但是可以通过命令firewall multiple-vlan-interfaces将多个MSFC的SVI和FWSM的VLAN关联
  8. 默认FWSM的所有接口禁ping,需要通过icmp permit inside , icmp permit outside放开
  9. 支持256个context
  10. context之间的通讯
    0 && p_w_picpath.height>0){if(p_w_picpath.width>=700){this.width=700;this.height=p_w_picpath.height*700/p_w_picpath.width;}}" height="288" alt="" src="file:///C:/DOCUME~1/XIAO_T~1/LOCALS~1/Temp/msohtmlclip1/01/clip_p_w_picpath001.png" width="570" _fcksavedurl="file:///C:/DOCUME~1/XIAO_T~1/LOCALS~1/Temp/msohtmlclip1/01/clip_p_w_picpath001.png" style="line-height: 1.5em !important; ">
    需要配置静态路由指向MSFC的地址
  11. 将配置在MSFC上的vlan和FWSM关联方式
    cisco7609(config#firewall multiple-vlan-interface
    cisco7609(config#firewall module 3 vlan-group 1,2
    cisco7609(config#firewall vlan-group 1 10,12,110,112
    cisco7609(config#firewall vlan-group 2 80-92,182-192
    //如果把多个vlan放入一个组,有时会提示超出最大VLAN数目
  12. FWSM的flash结构
    The FWSM has a 128-MB Flash memory card that stores the operating system, configurations, and other data. The Flash memory includes six partitions, called cf:n in Cisco IOS and Catalyst operating system software commands:
    &S226; Maintenance partition (cf:1)—Contains the maintenance software. Use the maintenance software to upgrade or install application p_w_picpaths if you cannot boot into the application partition, to reset the application p_w_picpath password, or to display the crash dump information.
    &S226; Network configuration partition (cf:2)—Contains the network configuration of the maintenance software. The maintenance software requires IP settings so that the FWSM can reach the TFTP server to download application software p_w_picpaths.
    &S226; Crash dump partition (cf:3)—Stores the crash dump information.
    &S226; Application partitions (cf:4 and cf:5)—Stores the application software p_w_picpath, system configuration, and ASDM. By default, Cisco installs the p_w_picpaths on cf:4. You can use cf:5 as a test partition. For example, if you want to upgrade your software, you can install the new software on cf:5, but maintain the old software as a backup in case you have problems. Each partition includes its own startup configuration.
    &S226; Security context partition (cf:6)—64 MB are dedicated to this partition, which stores security context configurations (if desired) and RSA keys in a navigable file system. Other partitions do not have file systems that allow you to perform common tasks such as listing files. This partition is called disk when using the copy command.