I have a PIX 515E and also a PIX 520. Basically this might be a really stupid question but...
How do I give the switch VLAN 1 and a VLAN 2 without a router? I mean, I want the management IP to be on VLAN 1 and then all other traffic for the DMZ will be on the second VLAN?
How does one do this on the switch without a router?
Let's assume VLAN 1 is 192.168.1.0/24
VLAN 2 is 192.168.2.0/24
Your switch VLAN 1 interface is 192.168.1.2
First, create VLAN 2 on the switch (assuming IOS):
switch(config)# vlan 2
switch(config-vlan)# name servers
Next, make the switchport that the PIX connects to a trunk:
switch(config)# int fa0/24
switch(config-if)# switchport trunk encapsulation dot1q
switch(config-if)# switchport mode trunk
NOTE: depending on your IOS, you may or may not need all the above commands for the trunk setup.
On the PIX, let's assume you use the inside interface for VLAN 1 and VLAN 2 and that you will use the .1 address out of each subnet for the PIX interfaces.
interface ethernet1 100full
interface ethernet1 vlan1 physical
interface ethernet1 vlan2 logical
** ethernet1 is the inside interface - I have only included this in the config **
nameif ethernet1 inside security100
nameif vlan2 servers security95
ip address inside 192.168.1.1 255.255.255.0
ip address servers 192.168.2.1 255.255.255.0
Your default gateway on the switch should be the address of VLAN 1 on the PIX, i.e. 192.168.1.1
Your default gateway on your servers/clients should be 192.168.2.1
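
The switch side of the setup described in this thread, gathered into one configuration as an added example (not part of the original posts). The server ports fa0/1 - 12 are an assumption, and the `switchport trunk allowed vlan` and `switchport nonegotiate` lines are additions that keep the trunk to the PIX limited to the two VLANs in use.

```ios
! Added example: switch-side config for the two-VLAN layout in this thread.
! Addresses and fa0/24 come from the thread; fa0/1 - 12 are assumed server ports.
!
vlan 2
 name servers
!
! Trunk to the PIX inside interface (ethernet1).
! Additions to the answer's commands:
!   allowed vlan 1,2  - carry only the VLANs the PIX has interfaces for
!   nonegotiate       - do not negotiate trunking (DTP) on this port
interface FastEthernet0/24
 description trunk to PIX ethernet1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,2
 switchport nonegotiate
!
! Assumed server/DMZ ports: plain access ports in VLAN 2, so attached
! hosts sit in 192.168.2.0/24 and use 192.168.2.1 (the PIX) as gateway.
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 2
!
! Switch management address in VLAN 1.
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
!
! The switch itself reaches other subnets through the PIX VLAN 1 address.
ip default-gateway 192.168.1.1
```

Switches that support only 802.1Q reject the encapsulation line; leave it out there, as the NOTE in the answer says.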