Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
661
Views
0
Helpful
5
Replies

PIX 515e & VLANs

mseou
Level 1
Level 1

‎09-07-2006 08:53 AM - edited ‎02-21-2020 01:09 AM

Hello all, I am hoping someone can shed some light on this for me. I am trying to set up multiple vlans on my pix box, i.e. vlan2 for subinterface e1.1 and vlan3 for subinterface vlan3. The pix keeps telling me that I need to add a failover license, is that the case for VLAN implementation? Also can the pix box route between the vlans, i.e. I don't have control of my local router so I need to have the pix do it, if possible.

Thanks, Mike Elliott

0 Helpful
5 Replies 5

sachinraja
Level 9
Level 9

‎09-07-2006 09:25 AM

I really dont think failover is a mandatory thing for vlan implementation... havent seen any docs stating this... when implementing vlans on pix, each vlan is a kind of DMZ interface on the PIX.

so, to communicate between vlans, you need to define the statics and ACLs on the PIX, just as defining between normal interfaces (inside/outside etc)... so, pix as a box will route traffic between vlans...

hope this helps.. all the best.. rate replies if useful..

Raj

0 Helpful

mseou
Level 1
Level 1
In response to sachinraja

‎09-07-2006 09:43 AM

I havn't seen any docs saying that either, however once you set up a subinterface it "thinks" you are setting up a failover interface (I assume) - so when the pix reloads it gives the error, "invalid command at line 38 - failover license required".

Ok on the statics, makes sense. However documentation about vlans and the pix is pretty hard to find, all they say is that starting with pix 6.3 vlan support was added. I am running 7.0(4).

0 Helpful

amohabir1
Level 1
Level 1
In response to mseou

‎09-07-2006 11:03 AM

I know this is a pretty simple answer but did you do a show failover? Does show failover show it as off? Maybe you should try turning off the failover feature.

0 Helpful

mseou
Level 1
Level 1
In response to amohabir1

‎09-07-2006 11:26 AM

actually it is activated with the license key (activation key), so you can't turn it on/off without the proper license, if you try the error of "command requires failover license" appears.

0 Helpful

mseou
Level 1
Level 1
In response to mseou

‎09-08-2006 11:18 AM

Apparently what I was experiencing is a bug that appears when you upgrade to 7.x. In case you care here is the bug number and you can use the tool to look it up - either way it is purely cosmetic.

BUG - CSCsc23718

>mike elliott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card