Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2965
Views
0
Helpful
4
Replies

How to create VLAN on Cisco PIX 6.3?

Go to solution
Anand Narayana
Level 6
Level 6

‎05-31-2007 09:57 PM - edited ‎02-21-2020 01:33 AM

Hi,

how to create vlan on pix-6.3? i am bit confused.

how do i assign a single internet face with multiple ip address(not secondary IP address) for each & every vlan?

how to i connect to the switch, i mean if i put "switch port mode trunk" on the switch side, what command should i need on the PIX "inside" interface? in router the command is "encapsulation dot1Q 1"

also is there any restrictions that only limited vlans can be created or it is unlimited?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dominic.caron
Level 5
Level 5

‎06-01-2007 05:41 AM

hi

When you configure your interface, you usualy do it like that

interface ethernet0 auto

interface ethernet1 auto

Let's say that ethernet1 is a trunk with 2 vlan and a native vlan, you need to add to your config:

interface ethernet1 vlan100 logical

interface ethernet1 vlan200 logical

After that you need to name those interfaces and set the security level.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif vlan200 V200 security4

nameif vlan100 V100 security6

This configuration will give you an interface(eth1) with 1 native vlan(inside) and 2 tagged vlan(v200 and v100)

PIX will not negociate a trunk, your switch config is correct.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
dominic.caron
Level 5
Level 5

‎06-01-2007 05:41 AM

hi

When you configure your interface, you usualy do it like that

interface ethernet0 auto

interface ethernet1 auto

Let's say that ethernet1 is a trunk with 2 vlan and a native vlan, you need to add to your config:

interface ethernet1 vlan100 logical

interface ethernet1 vlan200 logical

After that you need to name those interfaces and set the security level.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif vlan200 V200 security4

nameif vlan100 V100 security6

This configuration will give you an interface(eth1) with 1 native vlan(inside) and 2 tagged vlan(v200 and v100)

PIX will not negociate a trunk, your switch config is correct.

0 Helpful

Go to solution
dominic.caron
Level 5
Level 5

‎06-01-2007 05:44 AM

Oups, forgot your last question,

The number of interface in related to your hardware and your license type. Review this link in the vlan section...your find a matrix with your info in it

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113411

0 Helpful

Go to solution
Anand Narayana
Level 6
Level 6
In response to dominic.caron

‎06-01-2007 08:28 AM

Thanks Dominic,

u say that "PIX will not negotiate a trunk, your switch config is correct" does it mean that "switchport mode trunk" alone is enuf in my switch for the provided vlan configuration on pix? & does it allows all vlanz to my switch?

ofcourse mine is a un-restricted license, so max i can hav 8 vlanz :-)

0 Helpful

Go to solution
dominic.caron
Level 5
Level 5
In response to Anand Narayana

‎06-02-2007 03:09 PM

switchport mode trunk will send all vlan to the PIX, if you want to restrict, simply use a allowed vlan list on the switch interface.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card