cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
570
Views
0
Helpful
5
Replies

Pix 535 interface bundling

Bruce Summers
Level 1
Level 1

does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?

Thanks

Bruce

5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

bruce.summers wrote:

does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?

Thanks

Bruce

Bruce

No the pix firewalls do not support etherchannel ie. bundling multiple physical links into one logcial link.

You can however run a physical interface to a switch and configure the link as an 802.1Q trunk on the switch end and then have subinterfaces on the pix firewall but you probably know this already.

Jon

I just tested that out...

Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...

but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...

does that pretty much sum it up...

Also, i've heard ver 8.0 is "unstable" any thoughts on that...

bruce

bruce.summers wrote:

I just tested that out...

Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...

but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...

does that pretty much sum it up...

Also, i've heard ver 8.0 is "unstable" any thoughts on that...

bruce

Bruce

That is the tradeoff with using subinterfaces i'm afraid in that you now have multiple vlans sharing the 1Gbps bandwidth of the physical interface.

Not had any experience with v8.x as yet so can't really comment.

Jon

Bruce Summers
Level 1
Level 1

well...

I am learning quickly about the subinterfaces...

so, based on what you're saying, i could do the following:

int g1

subint g1.35

     vlan 1234

     vlan 3456

connect g1 to switch A 1/0/1 and configure switch A's uplink interface as an 802.1q trunk allowing vlan1234 and vlan3456

thats what you're referring to, correct?

Exactly.  You got it. But, the config looks like this. Pls. leave the main interface blank.

Here is a sample:

interface GigabitEthernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.1
vlan 10
nameif dmz1
security-level 50
ip address 10.128.0.1 255.255.255.0

interface GigabitEthernet0/0.2
vlan 20
nameif dmz2
security-level 60
ip address 192.168.0.1 255.255.255.0


-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: