09-07-2006 08:53 AM - edited 02-21-2020 01:09 AM
Hello all, I am hoping someone can shed some light on this for me. I am trying to set up multiple vlans on my pix box, i.e. vlan2 for subinterface e1.1 and vlan3 for subinterface vlan3. The pix keeps telling me that I need to add a failover license, is that the case for VLAN implementation? Also can the pix box route between the vlans, i.e. I don't have control of my local router so I need to have the pix do it, if possible.
Thanks, Mike Elliott
09-07-2006 09:25 AM
I really dont think failover is a mandatory thing for vlan implementation... havent seen any docs stating this... when implementing vlans on pix, each vlan is a kind of DMZ interface on the PIX.
so, to communicate between vlans, you need to define the statics and ACLs on the PIX, just as defining between normal interfaces (inside/outside etc)... so, pix as a box will route traffic between vlans...
hope this helps.. all the best.. rate replies if useful..
Raj
09-07-2006 09:43 AM
I havn't seen any docs saying that either, however once you set up a subinterface it "thinks" you are setting up a failover interface (I assume) - so when the pix reloads it gives the error, "invalid command at line 38 - failover license required".
Ok on the statics, makes sense. However documentation about vlans and the pix is pretty hard to find, all they say is that starting with pix 6.3 vlan support was added. I am running 7.0(4).
09-07-2006 11:03 AM
I know this is a pretty simple answer but did you do a show failover? Does show failover show it as off? Maybe you should try turning off the failover feature.
09-07-2006 11:26 AM
actually it is activated with the license key (activation key), so you can't turn it on/off without the proper license, if you try the error of "command requires failover license" appears.
09-08-2006 11:18 AM
Apparently what I was experiencing is a bug that appears when you upgrade to 7.x. In case you care here is the bug number and you can use the tool to look it up - either way it is purely cosmetic.
BUG - CSCsc23718
>mike elliott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide