pix vlan trunking

Discussion in 'Cisco' started by Bill F, May 3, 2004.

  1. Bill F

    Bill F Guest

    Does this feature allow the PIX to route between up to 8 VLANs? Was it
    intended to be used as a substitute for a router on a stick?
     
    Bill F, May 3, 2004
    #1

  2. :Does this feature allow the PIX to route between up to 8 VLANs?

    The number of VLANs depends upon the model, number of physical
    interfaces present, and the license. 8 is the maximum number of VLANs
    for the PIX 535 with the Restricted license, but the 520 supports
    more with all licenses, and the 525 and 535 with Unrestricted
    licenses support more.

    : Was it
    :intended to be used as a substitute for a router on a stick?

    No. Router on a stick would support ICMP redirects; the PIX
    does not. And when you are using VLANs on the PIX, you still cannot
    send packets out the same VLAN that they came in on.
     
    Walter Roberson, May 3, 2004
    #2

  3. Bill F

    mh Guest

    Does this feature allow the PIX to route between up to 8 VLANs?

    No
    No
     
    mh, May 3, 2004
    #3
  4. Bill F

    Peter Guest

    Hi Walter,

    This made me wonder if the PIX can support routing BETWEEN VLANS on a
    SINGLE physical interface, or does the "NO in and out on same
    interface" rule apply to Logical interfaces only where they exist?

    Thanks...........pk.
     
    Peter, May 3, 2004
    #4
  5. :This made me wonder if the PIX can support routing BETWEEN VLANS on a
    :SINGLE physical interface, or does the "NO in and out on same
    :interface" rule apply to Logical interfaces only where they exist?

    There is no problem going between different VLANs on the same physical
    interface, as long as they have different security levels. When you
    do not have VLANs on an interface, then a packet coming in would
    be trying to go to the same security level interface outgoing
    (because it's the identical interface), and traffic between identical
    security levels is always dropped. But logical interfaces generally
    have different security levels so traffic between them is generally
    allowed even when they share a physical interface.
     
    Walter Roberson, May 4, 2004
    #5