Cisco Support Community
Community Member

VLANs and a PIX

I would like someones evaluation on something that I want to do, but think maybe I'm confused a bit.

i just bought a Cat4506 to replace about 200 ports on older 2900 XL switches. I also have a PIX 515 with 3 ports (inside, outside and an industrial ethernet segment on the other).

The inside segment is my business LAN and it has the CAT4506 and all the new modules. My Industrial segment has only some older 1900 switches and some hubs.

I would like to create 2 VLANS (one for the Business LAN, and one for the Process Ethernet) and use the good Business infrastructure for both. One other reason for this is that the Business LAN has fiber almost everywhere, while the Process LAN uses UTP and Coax for some segments.

My biggest problem/concern is that the only way the LANs are communicating now is through the PIX, so is it reasonable that once I layer one LAN "on top" of the other LAN that I set one port on one of the CAT4500 modules to VLAN1 and another to VLAN2 and run them into the PIX the same as before?

I don't want to create any ACL's or use routers between segments but continue to use the PIX as the gateway and just take advantage of the better infrastructure of the Cat4500 for both.

Any thoughts on this approach? Am I out of my mind with this?

Thank You


Re: VLANs and a PIX

Both these VLAN's are going to be in just a single switch or is this going to extend beyond a switch.Clarify me regarding this so that I can give u a clear answer.Anyway, based on my understanding of ur requirement and setup, I think u can create one VLAN completely for "Business" and the next VLAN for "process Ethernet" and use any layer 3 technology for communication between these 2 VLANs.

Community Member

Re: VLANs and a PIX

They will extend beyond the 4500s modules to other Catalyst switches also. I want to use all the infrastructure I have to extend access to the particular LAN. Right now I have a Process LAN in a particular section of my facility. I need access to the Business LAN for some devices so instead of cabling a parallel network out to the location I would want to dedicate a particular port as VLAN1 (Business) and the other ports as VLAN2 (Process).

I hope this expalins my situation better.


CreatePlease to create content