How to create VLAN on Cisco PIX 6.3?

Answered Question
May 31st, 2007

Hi,

How do I create a VLAN on PIX 6.3? I am a bit confused.

How do I assign a single interface with multiple IP addresses (not secondary IP addresses) for each and every VLAN?

How do I connect to the switch? I mean, if I put "switch port mode trunk" on the switch side, what command do I need on the PIX "inside" interface? On a router the command is "encapsulation dot1Q 1".

Also, are there any restrictions so that only a limited number of VLANs can be created, or is it unlimited?

Correct Answer
dominic.caron Fri, 06/01/2007 - 05:41

Hi,

When you configure your interfaces, you usually do it like this:

    interface ethernet0 auto
    interface ethernet1 auto

Let's say that ethernet1 is a trunk with 2 VLANs and a native VLAN. You need to add to your config:

    interface ethernet1 vlan100 logical
    interface ethernet1 vlan200 logical

After that you need to name those interfaces and set the security level.

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif vlan200 V200 security4
    nameif vlan100 V100 security6

This configuration will give you an interface (eth1) with 1 native VLAN (inside) and 2 tagged VLANs (V200 and V100).

PIX will not negotiate a trunk; your switch config is correct.

Anand Narayana Fri, 06/01/2007 - 08:28

Thanks Dominic,

You say that "PIX will not negotiate a trunk, your switch config is correct". Does it mean that "switchport mode trunk" alone is enough on my switch for the provided VLAN configuration on the PIX? And does it allow all VLANs to my switch?

Of course, mine is an unrestricted license, so at most I can have 8 VLANs :-)

dominic.caron Sat, 06/02/2007 - 15:09

switchport mode trunk will send all VLANs to the PIX. If you want to restrict them, simply use an allowed VLAN list on the switch interface.
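
Added example, not part of the thread: both ends of the trunk discussed above, with the switch port limited to an allowed VLAN list as the last reply suggests and one IP address per PIX interface. The switch port name, native VLAN 10 and every IP address are assumptions made up for illustration; the PIX interface and nameif lines are the ones from the answer.

```cisco
! Switch side (Catalyst IOS), port facing PIX ethernet1.
! Port name and native VLAN 10 are assumptions; adjust to your switch.
interface FastEthernet0/1
 description Trunk to PIX ethernet1
 ! Needed only on switches that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! The PIX does not negotiate trunking, so stop sending DTP frames
 switchport nonegotiate
 ! Untagged frames reach the PIX physical interface (inside)
 switchport trunk native vlan 10
 ! Without this line every VLAN on the switch is carried to the PIX.
 ! The native VLAN must stay in the list or inside traffic is dropped.
 switchport trunk allowed vlan 10,100,200

: PIX 6.3 side. Interface and nameif lines as given in the answer.
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan100 logical
interface ethernet1 vlan200 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan200 V200 security4
nameif vlan100 V100 security6
: One address per named interface (constructed sample subnets)
ip address outside 192.0.2.2 255.255.255.0
ip address inside 10.0.10.1 255.255.255.0
ip address V100 10.0.100.1 255.255.255.0
ip address V200 10.0.200.1 255.255.255.0
```

With security levels 6 and 4, V100 and V200 sit just above outside, so connections from them toward inside need an explicit static and access-list, while inside can initiate toward them once NAT is configured.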
