01-13-2010 09:37 AM - edited 03-11-2019 09:57 AM
does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?
Thanks
Bruce
01-13-2010 09:44 AM
bruce.summers wrote:
does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?
Thanks
Bruce
Bruce
No, the PIX firewalls do not support EtherChannel, i.e. bundling multiple physical links into one logical link.
You can however run a physical interface to a switch and configure the link as an 802.1Q trunk on the switch end and then have subinterfaces on the pix firewall but you probably know this already.
Jon
01-13-2010 10:08 AM
I just tested that out...
Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...
but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...
does that pretty much sum it up...
Also, i've heard ver 8.0 is "unstable" any thoughts on that...
bruce
01-13-2010 10:47 AM
bruce.summers wrote:
I just tested that out...
Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...
but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...
does that pretty much sum it up...
Also, i've heard ver 8.0 is "unstable" any thoughts on that...
bruce
Bruce
That is the tradeoff with using subinterfaces i'm afraid in that you now have multiple vlans sharing the 1Gbps bandwidth of the physical interface.
Not had any experience with v8.x as yet so can't really comment.
Jon
01-13-2010 09:56 AM
well...
I am learning quickly about the subinterfaces...
so, based on what you're saying, i could do the following:
int g1
subint g1.35
vlan 1234
vlan 3456
connect g1 to switch A 1/0/1 and configure switch A's uplink interface as an 802.1q trunk allowing vlan1234 and vlan3456
that's what you're referring to, correct?
01-13-2010 10:46 AM
Exactly. You got it. But, the config looks like this. Pls. leave the main interface blank.
Here is a sample:
interface GigabitEthernet0/0
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.1
 vlan 10
 nameif dmz1
 security-level 50
 ip address 10.128.0.1 255.255.255.0
!
interface GigabitEthernet0/0.2
 vlan 20
 nameif dmz2
 security-level 60
 ip address 192.168.0.1 255.255.255.0
-KS
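Added example, not part of the original thread: a small Python check for the "leave the main interface blank" advice above, run against the sample from the last post (speed/duplex lines omitted). The function names and the rule that a `!` line ends an interface block are assumptions of this sketch, not anything Cisco ships.

```python
# Sample config from the post above, used as input.
SAMPLE = """\
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.1
 vlan 10
 nameif dmz1
 security-level 50
 ip address 10.128.0.1 255.255.255.0
interface GigabitEthernet0/0.2
 vlan 20
 nameif dmz2
 security-level 60
 ip address 192.168.0.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to its sub-commands ('!' or a blank line ends a block)."""
    blocks, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Flag subinterfaces with a missing or duplicate VLAN, and trunk parents
    that are not blank (a named physical interface also carries untagged frames)."""
    blocks, findings, vlans = parse_interfaces(config), [], {}
    for name, cmds in blocks.items():
        if "." not in name:
            continue
        parent = name.split(".", 1)[0]
        vlan = next((c.split()[1] for c in cmds if c.startswith("vlan ")), None)
        owner = vlans.setdefault((parent, vlan), name)
        if vlan is None:
            findings.append(f"{name}: no vlan assigned")
        elif owner != name:
            findings.append(f"{name}: vlan {vlan} already used by {owner}")
        for c in blocks.get(parent, []):
            msg = f"{parent}: '{c}' set on trunk parent"
            if c.startswith(("nameif ", "ip address ")) and msg not in findings:
                findings.append(msg)
    return findings
```

`audit(SAMPLE)` returns an empty list; any entry in the result names the interface and the line to fix.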