PIX subinterfaces and Switch subinterfaces

Discussion in 'Cisco' started by Omarmasood360, Nov 17, 2005.

  1. Hello People...first post!

    Network:

    NET----PIX 515e (7.0) -----3750 SMI-----Subnet 1 / Subnet 2

    PIX (IOS 7.0) 515e connects to 3750 SMI layer 2 switch. Switch then
    connects to 2 different vlans 10 and 20.

    I have created subinterfaces on the PIX and put them into vlans. I then
    found out that it is not possible to assign vlans under sub-interfaces.

    I can pretty much configure the switch and PIX the way I want; the only
    constraint is that I have only one physical interface on the PIX.

    I am sure there is a way of getting this to work. Can someone tell me
    how to do this, as I am out of a job if I don't figure it out.

    I need all the help I can get!

    Omar.
     
    Omarmasood360, Nov 17, 2005
    #1

  2. deccax Guest

    First, you need to configure the VLANs on your switch: vlan 10 and vlan 20.
    Configure a trunk port on one of your switch ports and make sure the
    native vlan for that trunk port is either 1 or something else not on
    that switch (not vlan 10 or 20).

    Second, configure your PIX 7 with subinterfaces. You can do it in ASDM
    under Configuration -> Interfaces -> Add, and select your Ethernet. Type
    in VLAN ID: 10, sub-interface ID: 10, interface name: dmz, security
    level: 10 (or depending on policy), and the IP address. Click OK, save,
    and add another interface with VLAN ID: 20 and sub-interface ID: 20, and
    fill in the rest of the information. After finishing the PIX 7
    configuration, you can connect your PIX Ethernet to that trunk port on
    the switch. Basically it is similar to router-on-a-stick.

    But the one thing you need to be aware of is that the PIX does not
    support a native vlan. (Or maybe it does but I don't know how.) So if
    you configure your trunk port with native vlan 10 you will not get
    anything from the PIX, since the native vlan is untagged on the switch.
    So what I did is leave the native vlan as 1 on the switch. Also make
    sure you have nothing defined in vlan 1, otherwise it will not be able
    to go anywhere and the PIX will drop it.

    Thanks,

    =D=
     
    deccax, Nov 17, 2005
    #2
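
The setup described in post #2, written out as CLI configuration. This is an added example, not part of either poster's message. The port names (FastEthernet1/0/1, Ethernet1), the IP addresses, the VLAN names, and the second interface's name and security level are assumed placeholders, and the allowed-VLAN restriction is an addition not mentioned in the thread.

```cisco
! ---------- Catalyst 3750 (switch side) ----------
vlan 10
 name SUBNET1
vlan 20
 name SUBNET2
!
! Port facing the PIX: 802.1Q trunk, native VLAN left at 1,
! so VLAN 10 and VLAN 20 frames are both sent tagged.
interface FastEthernet1/0/1
 description Trunk to PIX 515E
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 ! Addition (not from the thread): carry only the two VLANs
 ! the firewall actually terminates.
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! ---------- PIX 515E, software 7.0 (firewall side) ----------
! The physical interface carries only tagged subinterface traffic:
! no name, no security level, no IP address on it.
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Subinterface 10 tagged as VLAN 10 (values from post #2).
interface Ethernet1.10
 vlan 10
 nameif dmz
 security-level 10
 ip address 10.0.10.1 255.255.255.0
!
! Subinterface 20 tagged as VLAN 20 (name, level and address assumed).
interface Ethernet1.20
 vlan 20
 nameif dmz2
 security-level 20
 ip address 10.0.20.1 255.255.255.0
```

On the switch, `show interfaces trunk` should list VLANs 10 and 20 as allowed and active on the port; on the PIX, `show interface` should show both subinterfaces up with their VLAN IDs.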