12-19-2008 05:47 AM - edited 03-06-2019 03:03 AM
Hi all,
I have a 6506E switch with multiple VLANs. I need to interconnect 2 groups of VLANs via a PIX 525E running 6.2, so I can't subinterface. Is it possible to run a routing process on the 6506E for VLANs a-c and another, also on the 6506E, for VLANs d-f, allowing the firewall to control access between the groups? By default the 6506E routes all the connected VLANs a-f together, which circumvents the firewall.
TIA Zac
12-19-2008 07:12 AM
Zac
Yes you can do this using VRF-lite -
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/vrf.html
I know this doc is for the 4500 but it works on the 6500, I can just never find the doc for that.
VRF-lite will allow you to have 2 completely separate routing and forwarding tables, one for VLANs a-c (vrf1) and one for VLANs d-f (vrf2).
Assuming you are using 2 interfaces on the PIX you would then allocate ports that the interfaces connect into on the 6500 as either vrf1 or vrf2.
Jon
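A sketch of the VRF-lite layout described in the reply above, added here as an illustration and not posted by anyone in the thread. The VLAN IDs, route distinguishers, port numbers and addresses are placeholders, and the PIX is assumed to use one physical interface per group.

```cisco
! Constructed example: VLAN IDs, RDs, ports and addresses are placeholders.
ip vrf vrf1
 rd 65000:1
!
ip vrf vrf2
 rd 65000:2
!
! SVIs for the first group (VLANs a-c) exist only in vrf1.
interface Vlan10
 ip vrf forwarding vrf1
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 ip vrf forwarding vrf1
 ip address 10.1.20.1 255.255.255.0
!
! SVIs for the second group (VLANs d-f) exist only in vrf2.
interface Vlan110
 ip vrf forwarding vrf2
 ip address 10.2.110.1 255.255.255.0
!
interface Vlan120
 ip vrf forwarding vrf2
 ip address 10.2.120.1 255.255.255.0
!
! Routed port facing the first PIX interface, placed in vrf1.
interface GigabitEthernet1/1
 no switchport
 ip vrf forwarding vrf1
 ip address 192.168.1.1 255.255.255.252
!
! Routed port facing the second PIX interface, placed in vrf2.
interface GigabitEthernet1/2
 no switchport
 ip vrf forwarding vrf2
 ip address 192.168.2.1 255.255.255.252
!
! Each VRF can reach the other group only through the PIX.
ip route vrf vrf1 10.2.0.0 255.255.0.0 192.168.1.2
ip route vrf vrf2 10.1.0.0 255.255.0.0 192.168.2.2
```

Applying `ip vrf forwarding` to an interface removes its existing IP address, so the address has to be re-entered afterwards. `show ip route vrf vrf1` should then list no connected routes for the second group, and any SVI left in the global table would still be routed outside both VRFs.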
03-17-2009 07:33 AM
Apologies for not getting back to you. Many thanks for the info but in the end the topology changed so this was no longer required and I forgot I'd even asked the question!!!