PIX subinterfaces and Switch subinterfaces

Hello People...first post!


NET----PIX 515e (7.0) -----3750 SMI-----Subnet 1 / Subnet 2

PIX (IOS 7.0) 515e connects to 3750 SMI layer 2 switch. Switch then connects to 2 different vlans 10 and 20.

I have created subinterfaces on the PIX and put them into vlans. I then found out that it is not possible to assign vlans under sub-interfaces.

I can pretty much configure the switch and PIX the way I want; the only constraint is that I have only one physical interface on the PIX.

I am sure there is a way of getting this to work. Can someone tell me how to do this, as I am out of a job if I don't figure it out.

I need all the help I can get!



First you need to configure vlans on your switch: vlan 10 and vlan 20. Configure a trunk port on one of your switch ports and make sure the native vlan for that trunk port is either 1 or something else not on that switch (not vlan 10 or 20).

Second, configure your PIX 7 with subinterfaces. You can do it in ASDM in Configuration -> Interfaces -> Add, and select your Ethernet. Type in vlan id: 10, sub-interface ID: 10, interface name: dmz, security level: 10 (or depending on policy), and the IP address. OK and save, then add another interface with vlan id: 20 and sub-interface ID: 20, and fill in the rest of the information.

After finishing the PIX 7 configuration, you can connect your PIX Ethernet to that trunk port on the switch. Basically it is similar to router-on-a-stick.

But the one thing you need to be aware of is that the PIX does not support native vlan. (Or maybe it does but I don't know how.) So if you configure your trunk port with native vlan 10 you will not get anything from the PIX, since the native vlan is untagged on the switch. So what I did is leave the native vlan as 1 on the switch. Also make sure you have nothing defined as vlan 1, otherwise it will not be able to go anywhere and the PIX will drop it.
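The CLI form of the setup described in the reply above, as an added example that is not part of the original post. The switch port number, the PIX interface (Ethernet1), the second interface name and security level, and all IP addresses are assumptions chosen for illustration.

```cisco
! --- Catalyst 3750: VLANs and the trunk port facing the PIX ---
vlan 10
vlan 20
!
interface FastEthernet1/0/1
 description Trunk to PIX (port number is an assumption)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Native VLAN frames leave the switch untagged, so keep it off 10 and 20
 switchport trunk native vlan 1
 ! Carry only the two VLANs the PIX has subinterfaces for
 switchport trunk allowed vlan 10,20
!
! --- PIX 7.0: one physical interface, one subinterface per VLAN ---
interface Ethernet1
 ! No name, level or address on the physical interface (assumed Ethernet1),
 ! so untagged frames arriving on it are not passed
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet1.10
 vlan 10
 nameif dmz
 security-level 10
 ! Constructed address; use the gateway address of Subnet 1
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet1.20
 vlan 20
 ! Name and level are assumptions; set them according to policy
 nameif dmz2
 security-level 20
 ! Constructed address; use the gateway address of Subnet 2
 ip address 192.168.20.1 255.255.255.0
```

On the switch, `show interfaces trunk` confirms the native VLAN and the allowed list; on the PIX, `show interface` lists each subinterface with its VLAN.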


