pix vlan trunking

Discussion in 'Cisco' started by Bill F, May 3, 2004.

  1. Bill F

    Bill F Guest

    Does this feature allow the pix to route between up to 8 vlans? Was it
    intended to be used a substitute for a router on a stick?
     
    Bill F, May 3, 2004
    #1
    1. Advertising

  2. In article <>,
    Bill F <> wrote:
    :Does this feature allow the pix to route between up to 8 vlans?

    The number of vlans depends upon the model, number of physical
    interfaces present, and the license. 8 is the maximum number of VLANs
    for the PIX 535 with the Restricted license, but the 520 supports
    more with all licenses, and the 525 and 535 with Unrestricted
    licenses support more.

    : Was it
    :intended to be used a substitute for a router on a stick?

    No. Router on a stick would support icmp redirects; the PIX
    does not. And when you are using VLANs on the PIX, you still cannot
    send packets out the same VLAN that they came in on.
    --
    Those were borogoves and the momerathsoutgrabe completely mimsy.
     
    Walter Roberson, May 3, 2004
    #2
    1. Advertising

  3. Bill F

    mh Guest

    > Does this feature allow the pix to route between up to 8 vlans?

    No

    > Was it intended to be used a substitute for a router on a stick?


    No
     
    mh, May 3, 2004
    #3
  4. Bill F

    Peter Guest

    Hi Walter,

    Walter Roberson wrote:
    > No. Router on a stick would support icmp redirects; the PIX
    > does not. And when you are using VLANs on the PIX, you still cannot
    > send packets out the same VLAN that they came in on.


    This made me wonder if the PIX can support routing BETWEEN VLANS on a
    SINGLE physical interface, or does the " NO in and out on same
    interface" rule, apply to Logical interfaces only where they exist?

    Thanks...........pk.

    --
    *** Replace SOMEONE with prk ***
     
    Peter, May 3, 2004
    #4
  5. In article <6Vzlc.1638$>,
    Peter <> wrote:
    :This made me wonder if the PIX can support routing BETWEEN VLANS on a
    :SINGLE physical interface, or does the " NO in and out on same
    :interface" rule, apply to Logical interfaces only where they exist?

    There is no problem going between different VLANs on the same physical
    interface, as long as they have different security levels. When you
    do not have VLANs on an interface, then a packet coming in would
    be trying to go to the same security level interface outgoing
    (because it's the identical interface), and traffic between identical
    security levels is always dropped. But logical interfaces generally
    have different security levels so traffic between them is generally
    allowed even when they share a physical interface.
    --
    Look out, there are llamas!
     
    Walter Roberson, May 4, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. DaZZa
    Replies:
    0
    Views:
    650
    DaZZa
    Feb 16, 2004
  2. BG
    Replies:
    4
    Views:
    12,447
  3. Michael Letchworth

    Trunking VLAN to non cisco switch?

    Michael Letchworth, Dec 9, 2004, in forum: Cisco
    Replies:
    3
    Views:
    1,564
  4. Replies:
    5
    Views:
    9,560
    Walter Roberson
    Jan 2, 2005
  5. GJP
    Replies:
    6
    Views:
    5,072
    Hansang Bae
    Mar 14, 2005
Loading...

Share This Page