Trunk between PIX and Catalyst switch

Answered Question

Hello,


Yesterday I got an extremely good response from the forum on how to create VLANs on PIX. I created the subinterfaces and assigned VLANs to them. I configured IP addresses as well. Did the same on the Cat Switch - created SVI and assigned them IP addresses respectively. Cat Switch shows its port is trunking properly but I cannot ping from PIX to the Switch and vice versa. Please help.


rvr

massimiliano.se... Wed, 08/13/2008 - 03:46

Hi,

In the interface configuration mode did you use the command:

vlan vlan_id

That is did you put the interface in the proper vlan?

Is the encapsulation type on the Catalyst set to 802.1q?

Massimiliano.

I used vlan 10 in subinterface config mode.

I assigned an IP as well. Named the subinterface as TEST and issued no shut. The configuration on the Cat is OK. Encapsulation is dot1q. I have two SVI int vlan 1 and int vlan 10. sh int f1/1 trunk on the Cat shows the port is trunking for VLAN 1 and 10, which is what I want to see.

When I try to ping from the PIX to the Cat, the PIX doesn't know where to go for that IP (in this case IP add of the VLAN 10 SVI on the Cat). The PIX is missing some more configs I think.


Regards,


rvr

Farrukh Haroon Wed, 08/13/2008 - 04:25

Do the native vlan bit, then do 'show arp' on PIX (and switch) also to see if they are seeing MACs of each other.


Regards


Farrukh

Farrukh Haroon Wed, 08/13/2008 - 04:10

Try to set the native vlan of this trunk port (on the switch) same as the vlan you assigned on the PIX sub-interface. I know it makes no sense, but I'm telling you from past experience(s), so just do it :)


Then check.


Regards


Farrukh

Correct Answer
Farrukh Haroon Wed, 08/13/2008 - 05:14

Is it possible for you to post the configuration of the PIX? At least the interface configuration?


And the trunk interface configuration on the switch?


Regards


Farrukh

Farrukh Haroon Wed, 08/13/2008 - 05:53

Please add this on the switch:


!
interface FastEthernet1/1
 switchport trunk encapsulation dot1q


And then see how it goes. Shut/Unshut the port just in case.


Please send output of 'show interfaces trunk' after this.


Regards


Farrukh

Farrukh Haroon Wed, 08/13/2008 - 06:28

Try this (I know this makes no sense for trunk ports once again) but on the switch


int fa 0/1
 switch access vlan 10


And try rebooting both the switch and the firewall if possible. You can also try to change the interface/port on the switch.


Regards


Farrukh

Farrukh Haroon Wed, 08/13/2008 - 06:34

Also, is the port up/up on the PIX if you do 'show interface'? You should also see a route for this subnet when you do 'show route' on the PIX?


Regards

Farrukh

Farrukh Haroon Wed, 08/13/2008 - 06:45

Did you put the switch access vlan 10 command?


Regards


Farrukh

No, I didn't, because I will convert the port from trunk to access and I need this port to carry more than one VLAN. That's my idea to use one physical port for many VLANs on the PIX. On the Switch I will configure several client VLANs that will communicate with the PIX over the trunk. The clients will access their site over VPN (different tunnels) from my network. I am running out of physical ports.


Regards,


rvr

Farrukh Haroon Wed, 08/13/2008 - 11:32

No, this command will not convert.


switch access vlan 10


If you enter this command though, IT WILL:


switch mode access


Regards


Farrukh

Farrukh Haroon Thu, 08/14/2008 - 03:56

Told ya buddy :)


I'm glad you have it working.


However I would really like to know the comments of the routing/switching experts on this forum as to WHY it worked :)


Regards


Farrukh
