Vlan and PIX question
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||
|
Posted by Rob on March 28, 2006, 11:16 am
Please log in for more thread options We are going to share our Internet connection feed with a WAN connection. The ISP will do it using VLAN. My plan is to bring the feed to a swtich which supports VLAN and then split it to ports with different VLN ID, and take the Internet to the outside PIX (515, 6.3). My question.... Is that doable? Do I need to change anything on PIX? Do you see any issue with VLANing and PIX as long as I use a swith to split VLANs. Thanks in advance for any help. Rob | |||||||||||||||||||
|
Posted by Merv on March 28, 2006, 1:50 pm
Please log in for more thread options | |||||||||||||||||||
|
Posted by Lutz Donnerhacke on March 28, 2006, 2:02 pm
Please log in for more thread options * Rob wrote:
No problems. Have fun. | |||||||||||||||||||
|
Posted by Walter Roberson on March 28, 2006, 7:58 pm
Please log in for more thread options >We are going to share our Internet connection feed with a WAN connection.
>The ISP will do it using VLAN. My plan is to bring the feed to a swtich >which supports VLAN and then split it to ports with different VLN ID, and >take the Internet to the outside PIX (515, 6.3). My question.... Is that >doable? Do I need to change anything on PIX? Do you see any issue with >VLANing and PIX as long as I use a swith to split VLANs. The PIX 515 running 6.3 software can handle several 802.1Q VLANs directly -- that is, you could trunk several VLANs to the 515 and configure "logical" interfaces and pull the VLANs off as if they were seperate physical interfaces. Whether you want to do that or not depends on whether you are providing security for the other VLANs or if they belong to other organizations. If you are just using a plain stream out the 515 and the switch is encapsulating into a VLAN, then you *might* need to reduce the sysopt mss and/or the MTU by a few bytes, if there is any equipment in the path that does not know about the extended frame size that is often allowed for 802.1Q tagged packets. | |||||||||||||||||||
| Similar Threads | Posted |
| Vlan and PIX question | March 28, 2006, 11:16 am |
| Cat OS VLAN question | July 7, 2006, 6:32 pm |
| VLAN Question | March 8, 2007, 3:06 pm |
| VLAN Question | July 25, 2007, 12:41 pm |
| VLAN Question | August 22, 2007, 3:01 pm |
| vlan and vpn config question | January 12, 2006, 10:04 am |
| basic vlan pix 6.3 question | July 25, 2006, 2:26 am |
| Basic VLAN question. | June 27, 2005, 12:21 pm |
| Native VLAN question | November 22, 2005, 5:58 am |
| newbie's question on VLAN | September 15, 2006, 12:40 pm |
| VLAN IP Addressing Question | November 14, 2006, 10:32 am |
| question of vlan cisco | March 3, 2007, 12:36 am |
| VLAN basic question | March 2, 2007, 10:40 am |
| dot1q vlan question | March 21, 2007, 10:18 pm |
| native vlan question | April 15, 2008, 3:51 am |
> VLANing and PIX as long as I use a swith to split VLANs.