Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
0
Helpful
3
Replies

Effects of Creating a Logical interface VLAN on PIX 535 OS 6.3(5)

terblac
Level 1
Level 1

‎09-26-2006 10:39 PM - edited ‎02-21-2020 01:11 AM

I would to like clarify if what would the effect if I am to create a logical VLAN interface on a existing and working physical interface?

What would be the effects of this configuration? Would the physical interface be shutdown?

Thanks

0 Helpful
3 Replies 3

andrew.burns
Level 7
Level 7

‎09-27-2006 02:42 AM

Hi,

I'm not sure I exactly understand what you want to do, but logical interfaces require the physical interface to be up - if the physical interface is down then all your logical interfaces will also be down. The act of creating a logical interface does not shutdown the physical interface.

Maybe you could clarify exactly what you want to accomplish?

HTH

Andrew.

0 Helpful

terblac
Level 1
Level 1
In response to andrew.burns

‎09-27-2006 05:05 PM

Andrew,

Yes, the act of creating a logical interface is what I am asking about if it would affect the physical interface, just like below:

interface ethernet3 100full

interface ethernet3 vlan4 physical

interface ethernet3 vlan4020 logical

If ethernet 100full was already connected to a switch and was already in procution. And if I was to create ethernet3 vlan4020 logical, would if affect the ethernet 100full or ethernet vlan4 physical?

I will try to do it here on our PIX.

Thanks

0 Helpful

kamal-learn
Level 4
Level 4
In response to terblac

‎09-27-2006 07:58 PM

i m not sure of what you re trying to accomplish but i ll explain what you did here and what will happen to the packets as they pass accross the interface

*first you are working with a pix under 6.x version, (configuring vlan is simplified a little bit under 7.x specialy when dealing with untagged packets)

*we suppose the port of switch in front of your pix is configured correctly as trunk with dot1q the only supported method for pix, also remember that the switch will send untagged packet within the native vlan

that default to one 1 and can be changed to whatever value within the range.

*so here every packet that hits the interface ethernet3 of your pix for both direction

(toward the switch or from the switch toward the pix) that are untagged or in the native vlan will be dropped (if the native vlan is diffrent from 4), because you forced the pix to do that by specifying the PHYSICAL keyword and assigning a vlan id of 4 , which mean every packet must be tagged and in the expected defined vlan in order to pass accross the interface otherwise it will be dropped.

(your idea here is to use only VLANs that are defined specifically to pass data to and from the firewall while eliminating the possibility that an unexpected VLAN appears on the trunk).

(NOW your physical ethernet3 100full ovelay with the the logical VLAN4)

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card