https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367153#M744849 <HTML><HEAD></HEAD><BODY><P>Exactly.&nbsp; You got it. But, the config looks like this. Pls. leave the main interface blank.</P><P></P><P>Here is a sample:</P><P></P><PRE>interface GigabitEthernet0/0<BR /> speed 100<BR /> duplex full<BR /> no nameif<BR /> no security-level<BR /> no ip address<BR />!<BR />interface GigabitEthernet0/0.1<BR /> vlan 10<BR /> nameif dmz1<BR /> security-level 50<BR /> ip address 10.128.0.1 255.255.255.0<BR /><BR />interface GigabitEthernet0/0.2<BR /> vlan 20<BR /> nameif dmz2<BR /> security-level 60<BR /> ip address 192.168.0.1 255.255.255.0<BR /><BR /><BR /></PRE><P></P><P>-KS</P></BODY></HTML> Wed, 13 Jan 2010 18:46:10 GMT Kureli Sankar 2010-01-13T18:46:10Z https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367149#M744845 <P>does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?</P><P></P><P>Thanks</P><P></P><P>Bruce</P> Mon, 11 Mar 2019 16:57:30 GMT https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367149#M744845 Bruce Summers 2019-03-11T16:57:30Z https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367150#M744846 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>bruce.summers wrote:</P><P></P><P>does anybody know if you can "bundle" gig interfaces on a PIX 535 and then further use the bundled interface as a trunk?</P><P></P><P>Thanks</P><P></P><P>Bruce</P></PRE><P></P><P>Bruce</P><P></P><P>No the pix firewalls do not support etherchannel ie. bundling multiple physical links into one logcial link.</P><P></P><P>You can however run a physical interface to a switch and configure the link as an 802.1Q trunk on the switch end and then have subinterfaces on the pix firewall but you probably know this already.</P><P></P><P>Jon</P></BODY></HTML> Wed, 13 Jan 2010 17:44:43 GMT https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367150#M744846 Jon Marshall 2010-01-13T17:44:43Z https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367151#M744847 <HTML><HEAD></HEAD><BODY><P>well...</P><P></P><P>I am learning quickly about the subinterfaces...</P><P></P><P>so, based on what you're saying, i could do the following:</P><P></P><P>int g1</P><P></P><P>subint g1.35</P><P>&nbsp;&nbsp;&nbsp;&nbsp; vlan 1234</P><P>&nbsp;&nbsp;&nbsp;&nbsp; vlan 3456</P><P></P><P>connect g1 to switch A 1/0/1 and configure switch A's uplink interface as an 802.1q trunk allowing vlan1234 and vlan3456</P><P></P><P>thats what you're referring to, correct?</P></BODY></HTML> Wed, 13 Jan 2010 17:56:40 GMT https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367151#M744847 Bruce Summers 2010-01-13T17:56:40Z https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367152#M744848 <HTML><HEAD></HEAD><BODY><P>I just tested that out...</P><P></P><P>Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...</P><P></P><P>but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...</P><P></P><P>does that pretty much sum it up...</P><P></P><P>Also, i've heard ver 8.0 is "unstable" any thoughts on that...</P><P></P><P>bruce</P></BODY></HTML> Wed, 13 Jan 2010 18:08:29 GMT https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367152#M744848 Bruce Summers 2010-01-13T18:08:29Z https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367153#M744849 <HTML><HEAD></HEAD><BODY><P>Exactly.&nbsp; You got it. But, the config looks like this. Pls. leave the main interface blank.</P><P></P><P>Here is a sample:</P><P></P><PRE>interface GigabitEthernet0/0<BR /> speed 100<BR /> duplex full<BR /> no nameif<BR /> no security-level<BR /> no ip address<BR />!<BR />interface GigabitEthernet0/0.1<BR /> vlan 10<BR /> nameif dmz1<BR /> security-level 50<BR /> ip address 10.128.0.1 255.255.255.0<BR /><BR />interface GigabitEthernet0/0.2<BR /> vlan 20<BR /> nameif dmz2<BR /> security-level 60<BR /> ip address 192.168.0.1 255.255.255.0<BR /><BR /><BR /></PRE><P></P><P>-KS</P></BODY></HTML> Wed, 13 Jan 2010 18:46:10 GMT https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367153#M744849 Kureli Sankar 2010-01-13T18:46:10Z https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367154#M744850 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>bruce.summers wrote:</P><P></P><P>I just tested that out...</P><P></P><P>Yes, that makes sense now..i can trunk vlans up to the switch using a single physical interface and configure sub-interfaces to be allocated to my security context(s) to function as vlan interfaces...</P><P></P><P>but, the best i'm going to be able to do it looks like, is use the redundant interface option...this will give me some "failover" capability, but not provide the 2 gig throughput i was hoping to get...</P><P></P><P>does that pretty much sum it up...</P><P></P><P>Also, i've heard ver 8.0 is "unstable" any thoughts on that...</P><P></P><P>bruce</P></PRE><P></P><P>Bruce</P><P></P><P>That is the tradeoff with using subinterfaces i'm afraid in that you now have multiple vlans sharing the 1Gbps bandwidth of the physical interface.</P><P></P><P>Not had any experience with v8.x as yet so can't really comment.</P><P></P><P>Jon</P></BODY></HTML> Wed, 13 Jan 2010 18:47:09 GMT https://community.cisco.com/t5/network-security/pix-535-interface-bundling/m-p/1367154#M744850 Jon Marshall 2010-01-13T18:47:09Z