
Intervlan routing?

vincent7544437
Level 1

Hi,

Overview of the basic layout is as shown in the attachment. An additional note is that the PIX and R7 are connected through a switch, CAT2.

*VLAN 24 is the primary untagged VLAN

CAT2 - PIX

interface FastEthernet0/2
 switchport access vlan 24
 switchport mode access

CAT2 - R7

interface FastEthernet0/7
 switchport access vlan 7
 switchport mode access

PIX

interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.1.24.10 255.255.255.0
!
interface Ethernet0.7
 vlan 7
 nameif DMZ7
 security-level 25
 ip address 10.7.7.10 255.255.255.0

R7

interface FastEthernet0/0
 ip address 10.7.7.7 255.255.255.0
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 10.7.7.10

Above are the configurations as I have entered them, and VLANs have been created on the switch. As I can see, PIX E0 is in VLAN 24 and PIX E0.7 is in VLAN 7 and my R7 FA0/0 is also in VLAN 7.

I am unable to ping the R7 address, 10.7.7.7 from the PIX. I think there is a problem with the VLANs, can anyone advise?

4 Replies

mahmoodmkl
Level 7

Hi

I think the interface to which the PIX is connected should be a trunk port.

You should define the default route in the switch, not in the router.

Your router should have a route pointing to the SVI of which it is a member, i.e. vlan7.

Have you created any SVIs in the switch?

Thanks

Mahmood

Hi Mahmood,

Thanks for your reply, yup changing the switchport to trunk mode did it. I forgot to try that. Thanks for your help.

hennigan
Level 1

On the switch port connected to the PIX, you need to make it a trunk with both VLANs.

interface FastEthernet0/2
 description Trunk to PIX
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 24
 switchport trunk allowed vlan 7,24

The "switchport trunk encapsulation dot1q" line may or may not be needed depending on the model and IOS version on the switch.

Your subject says "Intervlan routing" but it looks as if you really want straight layer 2 trunking on the switch. If you route between VLANs on the switch, you'll bypass the PIX firewall functionality.

I'm assuming that not shown is a switch port configured as access on VLAN 24 that connects to the Internet, also that R7 is an inside router for traffic on the DMZ.

thanks for the help =)
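A consistency check for the fix described in the replies above, as an added example that is not part of the original posts: it reads the VLANs the firewall tags on its subinterfaces and flags a switch port that is not a trunk, has a mismatched native VLAN, or leaves a needed VLAN off its allowed list. The sample configs are constructed from the ones in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample configs modelled on those posted in this thread.
PIX_CFG = """\
interface Ethernet0
interface Ethernet0.7
 vlan 7
 nameif DMZ7
"""
ACCESS_PORT = """\
interface FastEthernet0/2
 switchport access vlan 24
 switchport mode access
"""
TRUNK_PORT = """\
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 24
 switchport trunk allowed vlan 7,24
"""

def tagged_vlans(fw_cfg):
    """VLAN IDs the firewall tags on its subinterfaces ('vlan N' lines)."""
    return {int(v) for v in re.findall(r"^\s*vlan (\d+)\s*$", fw_cfg, re.M)}

def expand(spec):
    """Expand an allowed-VLAN list such as '7,20-24' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def check_port(port_cfg, fw_cfg, untagged_vlan):
    """Return a list of problems with the switch port facing the firewall."""
    tagged = tagged_vlans(fw_cfg)
    if not re.search(r"^\s*switchport mode trunk\s*$", port_cfg, re.M):
        return ["port is not a trunk: firewall VLANs %s are not carried" % sorted(tagged)]
    problems = []
    native = re.search(r"switchport trunk native vlan (\d+)", port_cfg)
    # Assumption: with no 'native vlan' line the native VLAN is the default, 1.
    if (int(native.group(1)) if native else 1) != untagged_vlan:
        problems.append("native VLAN does not match untagged VLAN %d" % untagged_vlan)
    allowed = re.search(r"switchport trunk allowed vlan ([\d,\-]+)", port_cfg)
    if allowed:  # no 'allowed vlan' line means every VLAN is permitted
        missing = (tagged | {untagged_vlan}) - expand(allowed.group(1))
        if missing:
            problems.append("VLANs missing from allowed list: %s" % sorted(missing))
    return problems
```

Calling `check_port(ACCESS_PORT, PIX_CFG, 24)` reports the original access-port setup, while `check_port(TRUNK_PORT, PIX_CFG, 24)` returns an empty list.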
