Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
0
Helpful
4
Replies

PIX VLANs

mdieken01
Level 1
Level 1

‎09-22-2007 01:30 PM - edited ‎03-11-2019 04:15 AM

I have a PIX 515 running 7.2(2). I am trying to set up a public and a private network to separate the traffic. My PIX doesn't seem to want to participate in the VLAN. VLAN 1 is my private VLAN and VLAN 2 is my public VLAN. My Switch is a 3560.

PIX Config

interface Ethernet1

no nameif

no security-level

no ip address

!

interface Ethernet1.1

vlan 1

nameif inside

security-level 100

ip address 10.0.0.1 255.255.255.0

!

interface Ethernet1.2

vlan 2

nameif public

security-level 10

ip address 172.16.0.1 255.255.255.0

Switch Config

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Vlan1

ip address 10.0.0.221 255.255.255.0

I can't ping either direction. I do see the MAC address for the PIX in the ARP cache on the switch.

What am I doing wrong?

Thanks,

Labels:
0 Helpful
4 Replies 4

JORGE RODRIGUEZ
Level 10
Level 10

‎09-22-2007 02:33 PM

Hi, where is the trunk config on the PIX can you post that portion.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

mdieken01
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-22-2007 02:36 PM

What Trunk configuration for the PIX? Maybe that is what I am missing.

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10

‎09-22-2007 02:45 PM

Hi, where is the trunk config on the PIX can you post that portion.

[EDIT] never mind and sorry about that, 802.1q is automatically enable when creating logical interfaces.

Is the interface up on the PIX where you have the trunk.

If you connect a host in one of the vlans and try to ping its defaul gateway say 10.0.0.1 can you get replies.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10

‎09-23-2007 08:40 AM

Mark, few things to look into.

First: From the PIX if you can ping the interfaces 172.16.0.1 and 10.0.0.1 that will

indicate they are pingable.

Second: From the switch issues " show interface trunk " to see the vlans passing through that trunk.

Third: Make sure you have created the vlans in the switch correspnding to these two new routable networks , check your vlan database.

Forth: Assign proper vlan membership on ports corresponding to these two new vlans.

Fith: From lower security level to highest security level you need access list to allow communications from 172.16.0.0/24 to 10.0.0.0/24 network, that include icmp or any other ports required.

HTH

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card