Cisco Support Community
Community Member

Just starting out. VLAN issues.

Using one 3560 switch, I would like to create 3 VLANs, as follows:

vlan 5    

vlan 10

vlan 20

vlan 5 connects the switch to a PIX for internet connection.  PIX is assigned

Workstation A is in vlan 10.

Workstation B is in vlan 20.

Both workstations have the correct vlan svi ip address as their default gateway.

I can ping the workstations from one another, yet I cannot ping the PIX from either workstation. I can ping the PIX from the switch, however.

IP routing is enabled on the switch.

I have a static route as:  ip route in the switch.

What am I missing?


Just starting out. VLAN issues.

Does your PIX have a route to the two workstation networks ( and

I assume you're using a regular ping (ping from the switch to ping the PIX. In this case, the switch likely sources the ping from the network, which is directly connected to the PIX so the PIX has a route.  However, you will need some method for the PIX to know of the route to the other networks (whether static or dynamic).

Community Member

Re: Just starting out. VLAN issues.

No other than the route outside 1  defined in the PIX which points to the 2620 router connected to OUTSIDE ethernet 0.   No routes for the networks I created in the switch.  

Do I need to create routes when pinging INSIDE ethernet 1 of the PIX from the workstations?

WHOOPS... This is what happens when trying to eat my lunch and respond. I hadn't seen the last part of your reply.


Re: Just starting out. VLAN issues.

Every device needs a route to networks other than the ones to which it is directly connected.  Most end stations get a route via a default gateway (as in the case of your workstations).  Your PIX will also need a route to any network that it is not directly connected to.  You have several options that will depend on your particular setup, but the most likely are:

1) Add two static route statements to the PIX (one for each Workstation network...pointing to the VLAN 5 SVI of the switch as the next-hop)

2) Add a default route statement to the PIX pointing to the VLAN 5 SVI of the switch (probably not as useful; depending on your set-up, you'll probably want a default route to something upstream of the PIX)

3) Use a routing protocol on your internal network to distribute routes (may not be as useful if this is the extent of your network)

Given only the info provided, I'd suggest adding two static route statements to the PIX.  That is the low-cost solution. 

Update:  Our replies crossed - no problems!  Feel free to holler if anything else pops up!
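The return-path problem described in the reply above, modelled as an added example (not part of the original posts or any Cisco tooling). All addresses are constructed, since the thread's real ones are not shown, and the PIX's existing outside route is assumed to be a default route.

```python
import ipaddress

# Constructed addressing: the thread's real addresses are not shown on the page.
def net(cidr):
    return ipaddress.ip_network(cidr)

SWITCH_VLAN5_SVI = "10.0.5.1"   # assumed next hop on the PIX inside segment
SOURCES = {
    "switch (VLAN 5 SVI)": "10.0.5.1",
    "Workstation A (VLAN 10)": "10.0.10.50",
    "Workstation B (VLAN 20)": "10.0.20.50",
}

# PIX routes as described: connected inside network plus one route out the
# outside interface (assumed here to be a default route to the 2620).
PIX_BEFORE = [
    (net("10.0.5.0/24"), "inside", None),
    (net("0.0.0.0/0"), "outside", "172.16.0.1"),
]
# Option 1 from the reply: one static route per workstation network.
PIX_AFTER = PIX_BEFORE + [
    (net("10.0.10.0/24"), "inside", SWITCH_VLAN5_SVI),
    (net("10.0.20.0/24"), "inside", SWITCH_VLAN5_SVI),
]

def lookup(table, dst):
    """Longest-prefix match; returns (interface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [route for route in table if addr in route[0]]
    if not matches:
        return None
    _, iface, next_hop = max(matches, key=lambda route: route[0].prefixlen)
    return iface, next_hop

def reply_returns(table, source_ip):
    """True if the PIX sends the echo reply for source_ip back out 'inside'."""
    hit = lookup(table, source_ip)
    return hit is not None and hit[0] == "inside"

def report(table):
    return {name: reply_returns(table, ip) for name, ip in SOURCES.items()}

if __name__ == "__main__":
    for label, table in (("before", PIX_BEFORE), ("after", PIX_AFTER)):
        for name, ok in report(table).items():
            print(f"{label:6} {name:24} reply returns: {ok}")
```

Before the static routes are added, replies to the workstation networks match only the outside route and never come back through the switch, which is why only the switch-sourced ping succeeded.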

Community Member

Re: Just starting out. VLAN issues.

On the PIX I entered:

route inside 1

route inside 1

I'm able to ping now. 


Re: Just starting out. VLAN issues.

