Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix 535 interface bundling

does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?

Thanks

Bruce

5 REPLIES
Hall of Fame Super Blue

Re: Pix 535 interface bundling

bruce.summers wrote:

does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?

Thanks

Bruce

Bruce

No the pix firewalls do not support etherchannel ie. bundling multiple physical links into one logcial link.

You can however run a physical interface to a switch and configure the link as an 802.1Q trunk on the switch end and then have subinterfaces on the pix firewall but you probably know this already.

Jon

New Member

Re: Pix 535 interface bundling

I just tested that out...

Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...

but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...

does that pretty much sum it up...

Also, i've heard ver 8.0 is "unstable" any thoughts on that...

bruce

Hall of Fame Super Blue

Re: Pix 535 interface bundling

bruce.summers wrote:

I just tested that out...

Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...

but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...

does that pretty much sum it up...

Also, i've heard ver 8.0 is "unstable" any thoughts on that...

bruce

Bruce

That is the tradeoff with using subinterfaces i'm afraid in that you now have multiple vlans sharing the 1Gbps bandwidth of the physical interface.

Not had any experience with v8.x as yet so can't really comment.

Jon

New Member

Re: Pix 535 interface bundling

well...

I am learning quickly about the subinterfaces...

so, based on what you're saying, i could do the following:

int g1

subint g1.35

     vlan 1234

     vlan 3456

connect g1 to switch A 1/0/1 and configure switch A's uplink interface as an 802.1q trunk allowing vlan1234 and vlan3456

thats what you're referring to, correct?

Cisco Employee

Re: Pix 535 interface bundling

Exactly.  You got it. But, the config looks like this. Pls. leave the main interface blank.

Here is a sample:

interface GigabitEthernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.1
vlan 10
nameif dmz1
security-level 50
ip address 10.128.0.1 255.255.255.0

interface GigabitEthernet0/0.2
vlan 20
nameif dmz2
security-level 60
ip address 192.168.0.1 255.255.255.0


-KS

372
Views
0
Helpful
5
Replies
CreatePlease to create content