PIX 515e & VLANs

Unanswered Question
Sep 7th, 2006

Hello all, I am hoping someone can shed some light on this for me. I am trying to set up multiple vlans on my pix box, i.e. vlan2 for subinterface e1.1 and vlan3 for subinterface vlan3. The pix keeps telling me that I need to add a failover license, is that the case for VLAN implementation? Also can the pix box route between the vlans, i.e. I don't have control of my local router so I need to have the pix do it, if possible.

Thanks, Mike Elliott

sachinraja Thu, 09/07/2006 - 09:25

I really don't think failover is a mandatory thing for vlan implementation... haven't seen any docs stating this... when implementing vlans on pix, each vlan is a kind of DMZ interface on the PIX.

so, to communicate between vlans, you need to define the statics and ACLs on the PIX, just as defining between normal interfaces (inside/outside etc)... so, pix as a box will route traffic between vlans...

hope this helps.. all the best.. rate replies if useful..


mseou Thu, 09/07/2006 - 09:43

I haven't seen any docs saying that either, however once you set up a subinterface it "thinks" you are setting up a failover interface (I assume) - so when the pix reloads it gives the error, "invalid command at line 38 - failover license required".

Ok on the statics, makes sense. However documentation about vlans and the pix is pretty hard to find, all they say is that starting with pix 6.3 vlan support was added. I am running 7.0(4).

amohabir1 Thu, 09/07/2006 - 11:03

I know this is a pretty simple answer but did you do a show failover? Does show failover show it as off? Maybe you should try turning off the failover feature.

mseou Thu, 09/07/2006 - 11:26

Actually it is activated with the license key (activation key), so you can't turn it on/off without the proper license; if you try, the error of "command requires failover license" appears.

mseou Fri, 09/08/2006 - 11:18

Apparently what I was experiencing is a bug that appears when you upgrade to 7.x. In case you care here is the bug number and you can use the tool to look it up - either way it is purely cosmetic.

BUG - CSCsc23718

>mike elliott
