https://community.cisco.com/t5/network-security/pix-vlans/m-p/911499#M962690 <HTML><HEAD></HEAD><BODY><P>Hi, where is the trunk config on the PIX can you post that portion.</P><P></P><P>Rgds</P><P>Jorge</P><P></P></BODY></HTML> Sat, 22 Sep 2007 21:33:04 GMT JORGE RODRIGUEZ 2007-09-22T21:33:04Z https://community.cisco.com/t5/network-security/pix-vlans/m-p/911498#M962689 <P>I have a PIX 515 running 7.2(2). I am trying to set up a public and a private network to separate the traffic. My PIX doesn't seem to want to participate in the VLAN. VLAN 1 is my private VLAN and VLAN 2 is my public VLAN. My Switch is a 3560.</P><P>PIX Config</P><P>interface Ethernet1</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>interface Ethernet1.1</P><P> vlan 1</P><P> nameif inside</P><P> security-level 100</P><P> ip address 10.0.0.1 255.255.255.0</P><P>!</P><P>interface Ethernet1.2</P><P> vlan 2</P><P> nameif public</P><P> security-level 10</P><P> ip address 172.16.0.1 255.255.255.0</P><P></P><P>Switch Config</P><P>interface FastEthernet0/1</P><P> switchport trunk encapsulation dot1q</P><P> switchport mode trunk</P><P>interface Vlan1</P><P> ip address 10.0.0.221 255.255.255.0</P><P></P><P>I can't ping either direction. I do see the MAC address for the PIX in the ARP cache on the switch.</P><P>What am I doing wrong?</P><P>Thanks,</P> Mon, 11 Mar 2019 11:15:31 GMT https://community.cisco.com/t5/network-security/pix-vlans/m-p/911498#M962689 mdieken01 2019-03-11T11:15:31Z https://community.cisco.com/t5/network-security/pix-vlans/m-p/911499#M962690 <HTML><HEAD></HEAD><BODY><P>Hi, where is the trunk config on the PIX can you post that portion.</P><P></P><P>Rgds</P><P>Jorge</P><P></P></BODY></HTML> Sat, 22 Sep 2007 21:33:04 GMT https://community.cisco.com/t5/network-security/pix-vlans/m-p/911499#M962690 JORGE RODRIGUEZ 2007-09-22T21:33:04Z https://community.cisco.com/t5/network-security/pix-vlans/m-p/911500#M962691 <HTML><HEAD></HEAD><BODY><P>What Trunk configuration for the PIX? Maybe that is what I am missing.</P></BODY></HTML> Sat, 22 Sep 2007 21:36:15 GMT https://community.cisco.com/t5/network-security/pix-vlans/m-p/911500#M962691 mdieken01 2007-09-22T21:36:15Z https://community.cisco.com/t5/network-security/pix-vlans/m-p/911501#M962692 <HTML><HEAD></HEAD><BODY><P>Hi, where is the trunk config on the PIX can you post that portion.</P><P></P><P>[EDIT] never mind and sorry about that, 802.1q is automatically enable when creating logical interfaces.</P><P></P><P>Is the interface up on the PIX where you have the trunk.</P><P></P><P></P><P>If you connect a host in one of the vlans and try to ping its defaul gateway say 10.0.0.1 can you get replies.</P><P> </P><P></P><P>Rgds</P><P>Jorge</P><P></P></BODY></HTML> Sat, 22 Sep 2007 21:45:05 GMT https://community.cisco.com/t5/network-security/pix-vlans/m-p/911501#M962692 JORGE RODRIGUEZ 2007-09-22T21:45:05Z https://community.cisco.com/t5/network-security/pix-vlans/m-p/911502#M962693 <HTML><HEAD></HEAD><BODY><P>Mark, few things to look into.</P><P></P><P>First: From the PIX if you can ping the interfaces 172.16.0.1 and 10.0.0.1 that will</P><P>indicate they are pingable.</P><P></P><P>Second: From the switch issues " show interface trunk " to see the vlans passing through that trunk.</P><P></P><P>Third: Make sure you have created the vlans in the switch correspnding to these two new routable networks , check your vlan database.</P><P></P><P>Forth: Assign proper vlan membership on ports corresponding to these two new vlans.</P><P></P><P>Fith: From lower security level to highest security level you need access list to allow communications from 172.16.0.0/24 to 10.0.0.0/24 network, that include icmp or any other ports required.</P><P></P><P>HTH</P><P>Jorge</P><P></P><P></P><P></P></BODY></HTML> Sun, 23 Sep 2007 15:40:22 GMT https://community.cisco.com/t5/network-security/pix-vlans/m-p/911502#M962693 JORGE RODRIGUEZ 2007-09-23T15:40:22Z