PIX subinterfaces and Switch subinterfaces

Discussion in 'Cisco' started by Omarmasood360@gmail.com, Nov 17, 2005.

  1. Guest

    Hello People...first post!

    Network:

    NET----PIX 515e (7.0) -----3750 SMI-----Subnet 1 / Subnet 2

    PIX (IOS 7.0) 515e connects to 3750 SMI layer 2 switch. Switch then
    connects to 2 different vlans 10 and 20.

    I have created subinterfaces on the PIX and put them into vlans. I then
    found out that it is not possible to assign vlans under sub-interfaces.

    I can pretty much configure the switch and PIX the way I want; the only
    constraint is that I have only one physical interface on the PIX.

    I am sure there is a way of getting this to work. Can someone tell me
    how to do this, as I am out of a job if I don't figure it out.

    I need all the help I can get!

    Omar.
     
    , Nov 17, 2005
    #1

  2. deccax Guest

    First you need to configure vlans on your switch: vlan 10 and vlan 20.
    Configure a trunk port on one of your switch ports and make sure the
    native vlan for that trunk port is either 1 or something else not on
    that switch (not vlan 10 or 20).

    Second, configure your pix 7 with subinterfaces. You can do it in asdm
    under configuration -> interfaces -> add, and select your Ethernet. Type
    in vlan id: 10, sub-interface ID: 10, interface name: dmz, security
    level: 10 (or depending on policy), and ip address. Ok and save, then add
    another interface with vlan id: 20 and sub-interface id: 20, and fill
    in the rest of the information. After finishing the pix 7 configuration,
    you can connect your pix Ethernet to that trunk port on the switch.

    Basically it is similar to router-on-a-stick. But the one thing you need
    to be aware of is that pix does not support native vlan. (Or maybe it
    does but I don't know how.) So if you configure your trunk port as native
    vlan 10 you will not get anything from the pix, since the native vlan is
    untagged on the switch. So what I did is leave the native vlan as 1 on
    the switch. Also make sure you have nothing defined as vlan1, otherwise
    it will not be able to go anywhere and the pix will drop it.

    Thanks,

    =D=
     
    deccax, Nov 17, 2005
    #2
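
The setup described in the reply above, written out as CLI for both devices. This is an added example, not part of either post: the port numbers (GigabitEthernet1/0/1, Ethernet1), the IP addresses, and the second interface's name and security level are assumed values, and the allowed-VLAN restriction on the trunk is an added hardening step.

```cisco
! ----- Catalyst 3750: VLANs and the trunk port facing the PIX -----
! GigabitEthernet1/0/1 is an assumed port number.
vlan 10
vlan 20
!
! Native VLAN stays at 1, so frames for VLAN 10 and 20 leave the
! switch tagged. The allowed list (an added restriction, not from
! the thread) keeps every other VLAN off the link to the firewall.
interface GigabitEthernet1/0/1
 description Trunk to PIX 515E
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 10,20
!
! ----- PIX 515E, software 7.0: physical port plus subinterfaces -----
! Ethernet1 and all IP addresses below are assumed values.
!
! The physical port has to be enabled for the subinterfaces to work,
! but it gets no nameif, so untagged frames arriving on the trunk
! are not passed by the firewall.
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! VLAN 10: name and security level as given in the reply.
interface Ethernet1.10
 vlan 10
 nameif dmz
 security-level 10
 ip address 192.168.10.1 255.255.255.0
!
! VLAN 20: name and security level are assumptions.
interface Ethernet1.20
 vlan 20
 nameif dmz2
 security-level 20
 ip address 192.168.20.1 255.255.255.0
```

Hosts in each VLAN would use the matching subinterface address as their default gateway.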