Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to create VLAN on Cisco PIX 6.3?

Hi,

how to create vlan on pix-6.3? i am bit confused.

how do i assign a single internet face with multiple ip address(not secondary IP address) for each & every vlan?

how to i connect to the switch, i mean if i put "switch port mode trunk" on the switch side, what command should i need on the PIX "inside" interface? in router the command is "encapsulation dot1Q 1"

also is there any restrictions that only limited vlans can be created or it is unlimited?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to create VLAN on Cisco PIX 6.3?

hi

When you configure your interface, you usualy do it like that

interface ethernet0 auto

interface ethernet1 auto

Let's say that ethernet1 is a trunk with 2 vlan and a native vlan, you need to add to your config:

interface ethernet1 vlan100 logical

interface ethernet1 vlan200 logical

After that you need to name those interfaces and set the security level.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif vlan200 V200 security4

nameif vlan100 V100 security6

This configuration will give you an interface(eth1) with 1 native vlan(inside) and 2 tagged vlan(v200 and v100)

PIX will not negociate a trunk, your switch config is correct.

4 REPLIES

Re: How to create VLAN on Cisco PIX 6.3?

hi

When you configure your interface, you usualy do it like that

interface ethernet0 auto

interface ethernet1 auto

Let's say that ethernet1 is a trunk with 2 vlan and a native vlan, you need to add to your config:

interface ethernet1 vlan100 logical

interface ethernet1 vlan200 logical

After that you need to name those interfaces and set the security level.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif vlan200 V200 security4

nameif vlan100 V100 security6

This configuration will give you an interface(eth1) with 1 native vlan(inside) and 2 tagged vlan(v200 and v100)

PIX will not negociate a trunk, your switch config is correct.

Re: How to create VLAN on Cisco PIX 6.3?

Oups, forgot your last question,

The number of interface in related to your hardware and your license type. Review this link in the vlan section...your find a matrix with your info in it

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113411

Re: How to create VLAN on Cisco PIX 6.3?

Thanks Dominic,

u say that "PIX will not negotiate a trunk, your switch config is correct" does it mean that "switchport mode trunk" alone is enuf in my switch for the provided vlan configuration on pix? & does it allows all vlanz to my switch?

ofcourse mine is a un-restricted license, so max i can hav 8 vlanz :-)

Re: How to create VLAN on Cisco PIX 6.3?

switchport mode trunk will send all vlan to the PIX, if you want to restrict, simply use a allowed vlan list on the switch interface.

2377
Views
0
Helpful
4
Replies
CreatePlease to create content