Re: PIX interface... VLAN command

mallenson · ‎03-10-2004

I have a lab PIX with 6.3(3) on it and I tried to setup a logical interface with the following:

"interface ethernet2 10 logical"

This fails to create a logical interface, do I have to create a vlan somehow first?

PIX is 515 (Not the E type) and has a restricted version software release with only DES enabled if that matters?

A sample configuration of using VLANs on PIX would be great if anyone has one.

Thanks,

mostiguy · ‎03-11-2004

what did the pix say after you entered that command? what does a show interface show?

pmays · ‎03-11-2004

The PIX 515R can support 3 logical interfaces.

Check here for config information:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#1113411

hopefully that helps...

mallenson · ‎03-25-2004

This helped a lot, Thanks!

FYI, I spent another day finding another problem, here is the scoop if your interested...

When you setup the vlan with the "physical" entry the firewall uses a different native vlan than expected. Just by luck I found that if for instance you enter.

interface ethernet2 vlan2 physical

the firewall uses a native vlan 1

if you use interface ethernet2 vlan1 physical

the firewall uses native vlan 2

This continues to flip flop if you use

vlan 3 - 4

vlan 5 - 6

etc..

I had to use opposite native vlan on switch side to get traffic to pass on native vlan. Did not find a bug, but this is not the way it should work!

Again, Thanks for the help!

jgarciav · ‎06-22-2004

Hi,

I am trying to put VLAN 1 in a trunk betweend pix and catalyst 65000, but I have issues,. Have you done it?, and How?.

Thank you for help