I created 2 SSIDs and 2 VLANs on my Aironets. One protected and one open. The protected one is the native vlan1 and the unprotected is vlan3. I can connect to both SSIDs fine, but when connected to vlan3 I cannot get a DHCP address or internet connectivity when assigned static. Our DHCP server is currently the PIX 501 on vlan1. I did all the trunk and vlan allowed 1,3 cmds on the Aironet interface on the Catalyst. Is the problem vlan forwarding? How do I go about forwarding? I don't think the 501 can have logical interfaces. Is there some way to forward on the Catalyst? Thanks and if you need any more info let me know.
Thanks for the tip. I just tried entering the inside pix vlan1 address as you said and it didn't seem to help. Do I need to give vlan 3 an ip address too? I did the no shutdown on vlan 3 just to make sure.
One thing I forgot to mention. If you create a layer 3 interface with an IP address for vlan 3 on the 4503, then a user on that vlan can now access anything on vlan 1 or any other vlan you route off the switch for that matter.
As you say the pix 501 doesn't do logical interfaces so you can't use the firewall to segment your traffic.
If you want to restrict traffic from vlan 3 you will need an access-list on the vlan 3 interface denying traffic to any other routed vlan on the 4503.
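The access-list described above, sketched as IOS configuration. This is an added example, not part of the original reply: the VLAN 3 subnet 10.10.30.0/24, the interface address 10.10.30.1 and the list name GUEST-IN are assumptions chosen for illustration, and only 10.10.10.0/24 comes from the thread.

```cisco
! Assumed addressing: VLAN 3 (open SSID) = 10.10.30.0/24, SVI = 10.10.30.1
! From the thread:    VLAN 1 (internal)  = 10.10.10.0/24
!
ip access-list extended GUEST-IN
 remark Block the open-SSID VLAN from the internal VLAN 1 subnet
 deny   ip any 10.10.10.0 0.0.0.255
 remark Add one deny line per additional routed VLAN on the switch here
 remark Everything else (Internet-bound traffic) is allowed
 permit ip any any
!
interface Vlan3
 description Open SSID (assumed addressing)
 ip address 10.10.30.1 255.255.255.0
 ip access-group GUEST-IN in
 no shutdown
!
! Verify from exec mode:
!   show ip interface Vlan3        (confirms the inbound access list)
!   show ip access-lists GUEST-IN  (per-entry match counters)
```

The list is applied inbound on the VLAN 3 interface, so it is evaluated before the switch routes the packet. The explicit permit at the end is needed because an IOS access list ends with an implicit deny.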
It's me again, sorry. I get what you are saying but when I tried to give vlan 3 an IP it errors and says 10.10.10.0 overlaps with vlan1. I was trying to give vlan 3 the IP 10.10.10.9/24, our internal network ID is 10.10.10.0/24. Am I stuck? Because our PIX is the DHCP. Thanks again, RT