Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Intervlan routing?

Hi,

Overview of the basic layout is as show in the attachment. An additional note is that, the PIX and R7 is connected through a switch, CAT2.

*VLAN 24 is the primary untagged VLAN

CAT2 - PIX

interface FastEthernet0/2

switchport access vlan 24

switchport mode access

CAT2 - R7

interface FastEthernet0/7

switchport access vlan 7

switchport mode access

PIX

interface Ethernet0

nameif outside

security-level 0

ip address 192.1.24.10 255.255.255.0

!

interface Ethernet0.7

vlan 7

nameif DMZ7

security-level 25

ip address 10.7.7.10 255.255.255.0

R7

interface FastEthernet0/0

ip address 10.7.7.7 255.255.255.0

duplex auto

speed auto

ip route 0.0.0.0 0.0.0.0 10.7.7.10

Above is the configurations as I have entered them, and VLANs have been created on the switch. As I can see, PIX E0 is in VLAN 24 and PIX E0.7 is in VLAN 7 and my R7 FA0/0 is also in VLAN7.

I am unable to ping the R7 address, 10.7.7.7 from the PIX. I think there is a problem with the VLANs, can anyone advise?

4 REPLIES

Re: Intervlan routing?

Hi

I think the interface to which PIX is connected it should be a trunk port.

U should define the default route in the switch not in the router.

U r router should have a route pointing to the SVI for which its the member of i.e vlan7

Have u created any SVI's in the switch..?

Thanks

Mahmood

New Member

Re: Intervlan routing?

Hi Mahmood,

Thanks for your reply, yup changing the switchport to trunk mode did it. I forgot to try that. Thanks for your help.

New Member

Re: Intervlan routing?

On the switch port connected to the PIX, you need to make it a trunk with both VLANs.

interface FastEthernet0/2

description Trunk to PIX

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk native vlan 24

switchport trunk allow vlan 7,24

The "switchport trunk encapsulation dot1q" line may or may not be needed depending on the model and IOS version on the switch.

Your subject says "Intervlan routing" but it looks as if you really want straight layer 2 trunking on the switch. If you route between VLANs on the switch, you'll bypass the PIX firewall functionality.

I'm assuming that not shown is a switch port configured as access on VLAN 24 that connects to the Internet, also that R7 is an inside router for traffic on the DMZ.

New Member

Re: Intervlan routing?

thanks for the help =)

148
Views
0
Helpful
4
Replies
CreatePlease to create content