New Member

Trunk between PIX and Catalyst switch

Hello,

Yesterday I got an extremely good response from the forum on how to create VLANs on the PIX. I created the subinterfaces and assigned VLANs to them. I configured IP addresses as well. I did the same on the Cat switch: created SVIs and assigned them IP addresses respectively. The Cat switch shows its port is trunking properly, but I cannot ping from the PIX to the switch and vice versa. Please help.

rvr

17 REPLIES

Re: Trunk between PIX and Catalyst switch

Hi,

In the interface configuration mode did you use the command:

vlan vlan_id

That is, did you put the interface in the proper VLAN?

Is the encapsulation type on the Catalyst set to 802.1q?

Massimiliano.

New Member

Re: Trunk between PIX and Catalyst switch

I used vlan 10 in subinterface config mode.

I assigned an IP as well. Named the subinterface TEST and issued no shut. The configuration on the Cat is OK. Encapsulation is dot1q. I have two SVIs, int vlan 1 and int vlan 10. sh int f1/1 trunk on the Cat shows the port is trunking for VLAN 1 and 10, which is what I want to see.

When I try to ping from the PIX to the Cat, the PIX doesn't know where to go for that IP (in this case the IP address of the VLAN 10 SVI on the Cat). The PIX is missing some more configs, I think.

Regards,

rvr

Re: Trunk between PIX and Catalyst switch

Do the native vlan bit, then do 'show arp' on PIX (and switch) also to see if they are seeing MACs of each other.

Regards

Farrukh

Re: Trunk between PIX and Catalyst switch

Try to set the native VLAN of this trunk port (on the switch) to the same VLAN you assigned on the PIX sub-interface. I know it makes no sense, but I'm telling you from past experience(s), so just do it :)

Then check.

Regards

Farrukh

New Member

Re: Trunk between PIX and Catalyst switch

Configured the native VLAN on the Cat the same as the PIX subinterface and still no connection.

Did sh arp. On the PIX I didn't get anything. On the Cat I got only the MAC addresses of the SVIs, so they don't see each other.

rvr

Re: Trunk between PIX and Catalyst switch

Is it possible for you to post the configuration of the PIX? At least the interface configuration?

And the trunk interface configuration on the switch?

Regards

Farrukh

New Member

Re: Trunk between PIX and Catalyst switch

Here are the configs. Thank you for your help.

regards,

Re: Trunk between PIX and Catalyst switch

Please add this on the switch:

!

interface FastEthernet1/1

switchport trunk encapsulation dot1q

And then see how it goes. Shut/Unshut the port just in case.

Please send output of 'show interfaces trunk' after this.

Regards

Farrukh

New Member

Re: Trunk between PIX and Catalyst switch

Here is the output of sh int f1/1 switchport and sh int f1/1 trunk.

switchport trunk encap dot1q was already inserted.

Re: Trunk between PIX and Catalyst switch

Try this (I know this makes no sense for trunk ports once again) but on the switch

int fa 0/1

switch access vlan 10

And try rebooting both the switch and the firewall if possible. You can also try to change the interface/port on the switch.

Regards

Farrukh

Re: Trunk between PIX and Catalyst switch

Also, is the port up/up on the PIX if you do 'show interface'? You should also see a route for this subnet when you do 'show route' on the PIX.

Regards

Farrukh

New Member

Re: Trunk between PIX and Catalyst switch

This subnet is shown as directly connected to the "test" interface when I issued sh route on the PIX, which is perfect.

Both int on the PIX e1 and int e1.1 are UP and UP.

Regards,

Re: Trunk between PIX and Catalyst switch

Did you put the switch access vlan 10 command?

Regards

Farrukh

New Member

Re: Trunk between PIX and Catalyst switch

No, I didn't, because I will convert the port from trunk to access and I need this port to carry more than one VLAN. My idea is to use one physical port for many VLANs on the PIX. On the switch I will configure several client VLANs that will communicate with the PIX over the trunk. The clients will access their site over VPN (different tunnels) from my network. I am running out of physical ports.

Regards,

rvr

Re: Trunk between PIX and Catalyst switch

No, this command will not convert:

switch access vlan 10

If you enter this command though, IT WILL:

switch mode access

Regards

Farrukh

New Member

Re: Trunk between PIX and Catalyst switch

Thanks for the advice but it's working now without the command switch access vlan 10.

Thank you guys. That issue is resolved.

rvr

Re: Trunk between PIX and Catalyst switch

Told ya buddy :)

I'm glad you have it working.

However I would really like to know the comments of the routing/switching experts on this forum as to WHY it worked :)

Regards

Farrukh
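
The settings this thread keeps returning to (trunk versus access mode, the VLANs carried on the trunk, and the native VLAN) can be checked against each other mechanically. The following is an added example, not from any poster and not their configurations (which are not on the page): it parses constructed PIX and Catalyst snippets and lists mismatches. It assumes the PIX subinterface only receives frames tagged with its own VLAN ID and that the switch sends native-VLAN frames untagged; the function names are hypothetical.

```python
import re

# Constructed sample configs; the posters' real configs are not on the page.
PIX_CFG = """interface Ethernet1
 no shutdown
interface Ethernet1.1
 vlan 10
 nameif test
 ip address 192.0.2.1 255.255.255.0
"""
SWITCH_CFG = """interface FastEthernet1/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,20-30
 switchport mode trunk
"""

def pix_subif_vlans(cfg):
    """Return {subinterface: vlan_id} from 'vlan <id>' under 'interface X.N'."""
    vlans, current = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"\s+vlan (\d+)\s*$", line)) and current and "." in current:
            vlans[current] = int(m.group(1))
    return vlans

def expand_vlans(spec):
    """Expand a list such as '1,20-30' into a set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def check_trunk(pix_cfg, sw_cfg):
    """List mismatches between PIX subinterface VLANs and the switch trunk port."""
    findings = []
    if re.search(r"^\s*switchport mode access\s*$", sw_cfg, re.M):
        findings.append("switch port is in access mode, not trunk")
    m = re.search(r"switchport trunk native vlan (\d+)", sw_cfg)
    native = int(m.group(1)) if m else 1          # IOS default native VLAN
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", sw_cfg)
    allowed = expand_vlans(m.group(1)) if m else set(range(1, 4095))
    for subif, vlan in pix_subif_vlans(pix_cfg).items():
        if vlan not in allowed:
            findings.append(f"{subif}: VLAN {vlan} not allowed on the trunk")
        if vlan == native:  # native VLAN frames leave the switch untagged
            findings.append(f"{subif}: VLAN {vlan} is the trunk's native VLAN")
    return findings
```

Running `check_trunk(PIX_CFG, SWITCH_CFG)` on the constructed snippets reports both the missing allowed VLAN and the native VLAN overlap; an empty list means the two sides agree on tagging.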
