Solved: Re: 802.1Q tagging with PIX 6.3(1)

engel · ‎06-18-2003

Does anyone use VLAN tagging with PIX 6.3(1) ? I could make an ethernet (for example eth0) as a trunking port to transport vlan2/vlan3/vlan4 . But the PIX doesn`t allow to define ethernet 1 as an access port belongs to vlan 2. Or if I try to assign ethernet3 belongs to vlan3, this would be rejected by the PIX also.

I thought that the PIX concept of assigning trunking port and access port to a vlan should be the same with Catalyst switches, but seems like I am wrong . Anyone can point to the right direction ?

Best Regards,

Engel

r.crist · ‎06-18-2003

Engel: configuring the vlans on the PIX isn't the same as doing it on the switch. The PIX interfaces aren't configured as 'trunk' ports or 'access' ports. With the PIX, you can assign a vlan to either a physical interface - or assign a vlan as a logical interface on a physical interface. And the vlan is restricted to a single PIX interface - either physical or logical Here's a sample config:

interface ethernet1 100full

interface ethernet1 vlan50 physical

interface ethernet1 vlan60 logical

interface ethernet1 vlan70 logical

interface ethernet1 vlan90 logical

interface ethernet2 100full

interface ethernet2 vlan20 physical

interface ethernet2 vlan1 logical

interface ethernet2 vlan30 logical

interface ethernet2 vlan40 logical

!

nameif ethernet1 Win2K security52

nameif ethernet2 NT4 security90

nameif vlan60 User60 security53

nameif vlan70 User70 security54

nameif vlan90 User90 security55

nameif vlan1 Management security91

nameif vlan30 Novell security50

nameif vlan40 Misc security51

!

ip address Win2K 10.2.50.1 255.255.255.0

ip address NT4 10.2.20.1 255.255.255.0

ip address User60 10.2.60.1 255.255.255.0

ip address User70 10.2.70.1 255.255.255.0

ip address User90 10.1.90.1 255.255.255.0

ip address Management 10.2.1.1 255.255.255.0

ip address Novell 10.2.30.1 255.255.255.0

ip address Misc 10.2.40.1 255.255.255.0

Hope this helps!

View solution in original post

r.crist · ‎06-18-2003