PIX subinterfaces and Switch subinterfaces

Discussion in 'Cisco' started by Omarmasood360, Nov 17, 2005.

  1. Hello People...first post!


    NET----PIX 515e (7.0) -----3750 SMI-----Subnet 1 / Subnet 2

    PIX (IOS 7.0) 515e connects to 3750 SMI layer 2 switch. Switch then
    connects to 2 different vlans 10 and 20.

    I have created subinterfaces on the PIX and put them into vlans. I then
    found out that it is not possible to assign vlans under sub-interfaces.

    I can pretty much configure the switch and PIX the way I want; the only
    constraint is that I have only one physical interface on the PIX.

    I am sure there is a way of getting this to work. Can someone tell me
    how to do this, as I am out of a job if I don't figure it out.

    I need all the help I can get!

    Omarmasood360, Nov 17, 2005

  2. Omarmasood360

    deccax Guest

    First you need to configure VLANs on your switch: vlan 10 and vlan 20.
    Configure a trunk port on one of your switch ports and make sure the
    native VLAN for that trunk port is either 1 or something else not on
    that switch (not vlan 10 or 20).
    Second, configure your PIX 7 with subinterfaces. You can do it in ASDM
    under Configuration -> Interfaces -> Add, and select your Ethernet. Type
    in vlan id: 10, sub-interface ID: 10, interface name: dmz, security
    level: 10 (or depending on policy), and IP address. OK and save, then add
    another interface with vlan id: 20 and sub-interface ID: 20, and fill in
    the rest of the information. After finishing the PIX 7 configuration, you
    can connect your PIX Ethernet to that trunk port on the switch. Basically
    it is similar to router-on-a-stick. But the one thing you need to be aware
    of is that the PIX does not support a native VLAN. (Or maybe it does, but
    I don't know how.) So if you configure your trunk port with native vlan
    10, you will not get anything from the PIX, since the native VLAN is
    untagged on the switch. So what I did is leave the native VLAN as 1 on
    the switch; also make sure you have nothing defined as vlan 1, otherwise
    it will not be able to go anywhere and the PIX will drop it.


    deccax, Nov 17, 2005