PIX 525, Catalyst 2900 and VLAN

bbanis2k
Level 1

I'm wanting to separate my switchports logically with VLANs and I'm wondering what my configuration should be.

For each interface that I want to communicate I will run the below command in interface configuration mode.

switchport access vlan 7

I will do this on two fast ethernet interfaces that have servers connected to them and the port that uplinks to the PIX.

What do I need to set up on the PIX for this to work?

Thx

BBanis2K

1 Reply

ehirsel
Level 6

From the PIX point of view, you can configure it in the normal PIX method - that is, you do not have to use the logical interface/VLAN tagging capabilities of the PIX 6.3.1 and higher code. I would enable portfast on all end-station and PIX interface ports.

The switchport that will house the PIX interface connection will also need to be in VLAN 7; I would make that an access VLAN as well. I assume that you already set up the switch mgmt interface in a VLAN other than 7.

As far as the PIX config is concerned, I assume that its main duty is to protect those servers. Is that correct, or will it see those servers as being in a perimeter network, with end-user stations being treated as the inside network? The answer to this question will tell you how to weight the interfaces and whether or not you need to use statics, and if so how to code them.

This is the link to the PIX 6.3 config guide and references:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/index.htm

I would start with the firewall and VPN config guide first. Let me know if you have any questions.
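
An added example, not part of the original thread: a small Python check over a saved switch running-config that verifies the points in the reply above (server and PIX ports are access ports in VLAN 7 with portfast, and the management interface is not in VLAN 7). The sample config, the interface names and the `parse_interfaces`/`audit` helpers are constructed for illustration, and the check assumes the management interface appears as an `interface VLAN<n>` stanza carrying an IP address.

```python
import re

# Constructed sample of a switch running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 7
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 7
!
interface FastEthernet0/3
 switchport mode trunk
!
interface VLAN1
 ip address 192.0.2.10 255.255.255.0
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config, ports, vlan=7):
    """Return findings for the listed ports and the management interface."""
    ifs, findings = parse_interfaces(config), []
    for port in ports:
        cmds = ifs.get(port)
        if cmds is None:
            findings.append(f"{port}: not found in config")
            continue
        if f"switchport access vlan {vlan}" not in cmds:
            findings.append(f"{port}: not an access port in VLAN {vlan}")
        if "switchport mode trunk" in cmds:
            findings.append(f"{port}: trunking, should be an access port")
        if "spanning-tree portfast" not in cmds:
            findings.append(f"{port}: portfast not enabled")
    for name, cmds in ifs.items():  # management interface must sit outside the server VLAN
        if name.upper() == f"VLAN{vlan}" and any(c.startswith("ip address") for c in cmds):
            findings.append(f"{name}: management interface is in VLAN {vlan}")
    return findings
```

Calling `audit(SAMPLE_CONFIG, ["FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"])` on the constructed sample reports the missing portfast on the second port and the trunked, non-VLAN-7 third port.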
