Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
0
Helpful
2
Replies

Cisco PIX 515e HA trunk (802.1q) to a single cisco switch

wanghmk1223
Level 1
Level 1

‎08-04-2005 11:15 PM - edited ‎02-21-2020 12:18 AM

I'm planning to use vlan features on cisco PIX to create multiple private LANs for different oversea branches.

My question is:

1. How can this solution works with PIX failover on a single L2 switch?

2. Can L2 switch trunk to both PIX (primary and failover) ?

0 Helpful
2 Replies 2

smahbub
Level 6
Level 6

‎08-10-2005 10:45 AM

The ability to configure VLANs on a PIX Firewall was introduced with PIX version 6.3. This allows the PIX to establish a 802.1q trunk with another device. Not all models of PIX support VLAN. When configuring VLANs on a PIX, ensure that the physical interface is not assigned the same VLAN ID as the native VLAN on the other end of the trunk. This way, traffic from the PIX does not forward to the native VLAN on the switch. This prevents vulnerability to the jumping VLAN attack. The answer for your query is given below: I hope L2 switch may trunk to both pix if the trunk is added in the 2nd L2 switch with the original L2 switch in order for the PIX stateful failover to work. However, the TCP flow is being interrupted with the failover and thus the stateful fails.

0 Helpful

srdja
Level 1
Level 1

‎08-11-2005 02:21 AM

1. I works just fine (only you have single point of failure - one switch :)). It is better to use this configuration with 2 switches. Connect primary PIx to primary switch, secondary PIX with secondary switch and you will have full redundancy (all connections between switches and PIXes are trunks ports)

2. yes, of course.

Hope this will help you!

rgds,

Srdja

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card