PIX-515 interface errors

jigsaw2026 · ‎12-07-2006

We have a physical interface that has 2 vlans on it. On show interface, there is the following:

21450335 invalid VLAN ID errors, 61212 native VLAN errors

The invalid VLAN ID errors are incrementing by about 120 a minute....does anyone have any ideas what causes them? There's nothing in the logs. Is it a config problem on a host?

Thanks

J

sachinraja · ‎12-07-2006

hello J,

Can you post us the configs please? probably there are some mismatches on the native vlan configured on the switch and the PIX firewalls... usually on a well-configured PIX, u will not get such errors... First, make the switch with plain configs (only configure trunk) and see if u get these errors...

Raj

jigsaw2026 · ‎12-08-2006

Many thanks Raj for your response.

Well here is a section of the config:

interface ethernet1 100full

interface ethernet1 vlan30 physical

interface ethernet1 vlan1 logical

nameif ethernet1 A security100

nameif vlan1 B security85

ip address A 192.168.1.0 255.255.255.0

ip address B 192.168.2.0 255.255.255.0

Unfortunately this is a live environment so I can't play around with it.

Any idea what the errors indicate?

Thanks,

J

jgervia_2 · ‎12-08-2006

Well, the pix considers the physical interface the 'native' vlan - are you sure the native vlan configured on the trunk is vlan 30?

I'm assuming that the 192.168.1.0 network is working?

Also - can you send us the configuration for that portion of the switch (the trunk?)

--Jason

jigsaw2026 · ‎12-13-2006

Hi Jason,

Many thanks for your response.

The native vlan on the trunk port is 1 (default). Do you think that's where the problem lies - for VLAN ID errors and native ID errors?

interface FastEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

no logging event link-status

duplex full

speed 100

no snmp trap link-status

no mdix auto

end

Thank you,

J