Intervlan routing?

Jun 15th, 2008


An overview of the basic layout is shown in the attachment. An additional note is that the PIX and R7 are connected through a switch, CAT2.

*VLAN 24 is the primary untagged VLAN


interface FastEthernet0/2
 switchport access vlan 24
 switchport mode access

CAT2 - R7

interface FastEthernet0/7
 switchport access vlan 7
 switchport mode access

interface Ethernet0
 nameif outside
 security-level 0
 ip address

interface Ethernet0.7
 vlan 7
 nameif DMZ7
 security-level 25
 ip address

interface FastEthernet0/0
 ip address
 duplex auto
 speed auto

ip route

Above are the configurations as I have entered them, and the VLANs have been created on the switch. As I can see, PIX E0 is in VLAN 24, PIX E0.7 is in VLAN 7, and my R7 FA0/0 is also in VLAN 7.

I am unable to ping the R7 address from the PIX. I think there is a problem with the VLANs; can anyone advise?

mahmoodmkl Sun, 06/15/2008 - 16:16


I think the interface to which the PIX is connected should be a trunk port.

You should define the default route in the switch, not in the router.

Your router should have a route pointing to the SVI of which it is a member, i.e. VLAN 7.

Have you created any SVIs in the switch?



vincent7544437 Sun, 06/15/2008 - 16:40

Hi Mahmood,

Thanks for your reply. Yup, changing the switchport to trunk mode did it. I forgot to try that. Thanks for your help.

hennigan Sun, 06/15/2008 - 16:43

On the switch port connected to the PIX, you need to make it a trunk with both VLANs.

interface FastEthernet0/2
 description Trunk to PIX
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 24
 switchport trunk allowed vlan 7,24

The "switchport trunk encapsulation dot1q" line may or may not be needed depending on the model and IOS version on the switch.

Your subject says "Intervlan routing" but it looks as if you really want straight layer 2 trunking on the switch. If you route between VLANs on the switch, you'll bypass the PIX firewall functionality.

I'm assuming that not shown is a switch port configured as access on VLAN 24 that connects to the Internet, also that R7 is an inside router for traffic on the DMZ.
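An added example, not part of the thread or any poster's code: a Python check that reads a switch config and a PIX config and reports the two conditions discussed above, a firewall-facing port that does not trunk the VLAN tagged on a PIX subinterface, and a switch that routes between VLANs itself so traffic never crosses the PIX. The function names and the sample configs are constructed for illustration, and the parser assumes unabbreviated keywords.

```python
import re

def parse(config):
    """Return (global lines, {interface: [sub-commands]})."""
    glob, blocks, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.lower().startswith("interface "):
            cur = blocks.setdefault(line.split()[1], [])
        elif raw[0].isspace() and cur is not None:
            cur.append(line)
        else:
            cur = None
            glob.append(line)
    return glob, blocks

def expand(spec):  # '7,20-22' -> {7, 20, 21, 22}
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out |= set(range(int(lo), int(hi or lo) + 1))
    return out

def audit(switch_cfg, pix_cfg, port, pix_parent):
    """Findings for the switch port that faces the firewall."""
    glob, sw = parse(switch_cfg)
    cmds, findings = sw.get(port, []), []
    # VLANs tagged on PIX subinterfaces, e.g. Ethernet0.7 -> 7
    needed = {int(c.split()[1]) for n, b in parse(pix_cfg)[1].items()
              if n.startswith(pix_parent + ".") for c in b if re.fullmatch(r"vlan \d+", c)}
    if "switchport mode trunk" not in cmds:
        findings.append(f"{port}: not a trunk, tagged VLANs {sorted(needed)} will not pass")
    for c in cmds:
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", c)
        if m and needed - expand(m.group(1)):
            findings.append(f"{port}: trunk omits VLANs {sorted(needed - expand(m.group(1)))}")
    # 'ip routing' plus two or more addressed SVIs: the switch routes between VLANs itself.
    svis = [n for n, b in sw.items() if n.lower().startswith("vlan")
            and any(x.startswith("ip address") for x in b)]
    if "ip routing" in glob and len(svis) >= 2:
        findings.append(f"SVIs {svis} route between VLANs and bypass the firewall")
    return findings

# Constructed sample configs (addresses omitted, as in the thread).
PIX = "interface Ethernet0\n nameif outside\ninterface Ethernet0.7\n vlan 7\n nameif DMZ7\n"
ACCESS = "interface FastEthernet0/2\n switchport access vlan 24\n switchport mode access\n"
TRUNK = "interface FastEthernet0/2\n switchport mode trunk\n switchport trunk native vlan 24\n switchport trunk allowed vlan 7,24\n"
```

Calling `audit(ACCESS, PIX, "FastEthernet0/2", "Ethernet0")` reports the access-mode port from the original question, while the same call with `TRUNK` returns no findings.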

