08-09-2007 03:35 AM - edited 03-11-2019 03:55 AM
Is it possible to pass vlan tags through either a PIX 535 or a CISCO 6503?
Scenario:
I have several switches in line with each other, all layer 2, connected to one router.
Router ----> Switch ----> Switch
I'm running a handful of different vlans from the router out to the final switch.
We have two firewalls ready to be installed, either a 6503, or a PIX 535. I need to put one or the other in between the two switches, without changing the layer two topology. In essence, I want to be able to insert the firewall without the network seeing anything different.
Is this possible?
Looking forward to any replies... I got a boss that's waiting for an answer! =)
08-09-2007 04:34 AM
Hey..
How are you?
See, you can achieve this on the PIX 535 by using the bridge group command.
Steps:
1. enable
2. configure terminal
3. interface [Ethernet | FastEthernet | GigabitEthernet] x/0
4. ip address ip-address mask
5. interface [Ethernet | FastEthernet | GigabitEthernet] x/0.vlan-id
6. encapsulation dot1q vlan-id
7. bridge group number
8. end
And in 6503 :
You need the FWSM module; you can figure it out easily. I recommend the FWSM for your scenario.
Regards,
Dharmesh Purohit
08-09-2007 05:09 AM
So, setting up a virtual interface on the PIX or 6503 (whichever I decide to use) will put the firewall within the VLAN, and it will still be able to process each packet on the other VLANs with its firewall ruleset?
Dumb question: Do I need to make a virtual interface for each VLAN that will be passing through it, and can I associate the firewall's management IP address with one of those VLANs?
I have a management VLAN that I'm passing from the router to the switches. Can I give the firewall an IP on my management VLAN and be able to communicate with it like I do with the rest of my switches?
Forgive me for the ignorant questions, as I have absolutely zero experience with the PIX or any of Cisco's firewalls.
Thank you in advance!
-Shafer
08-09-2007 09:15 AM
What about this?
Switch ---1Q--> PIX (transparent mode) ---1Q--> Switch
VL=2,3            VL=2,3                       VL=2,3
Basically have Vlan 2 and 3 in both sides of the PIX.
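Here is a worked configuration for the transparent-mode design sketched in the reply above. It is an added example, not configuration posted by anyone in the thread, and it assumes a PIX 535 running 7.x software in multiple-context mode, a dot1q trunk carrying VLANs 2 and 3 between the two switches, the subnets 10.0.2.0/24 and 10.0.3.0/24, and the interface, context and host names shown; all of those are illustrative choices, not anything the thread states. Two points worth knowing before copying it: in this software a transparent context bridges at most two interfaces and interfaces cannot be shared between contexts, so every VLAN that must cross the firewall gets its own context; and a transparent context's management address must sit inside the subnet it bridges, so there is no single box-wide IP on a separate management VLAN unless that management VLAN is itself bridged by one of the contexts (the admin context is the natural choice). The router and the switches keep their existing addressing; only the two trunk ports now have the firewall in the middle.

```cisco
! ===== PIX 535 system execution space (assumed 7.x software) =====
! Transparent mode is set once for the whole box; every context bridges.
firewall transparent
mode multiple
!
interface GigabitEthernet0
 description trunk toward the upstream switch (router side)
 no shutdown
interface GigabitEthernet1
 description trunk toward the downstream switch
 no shutdown
!
! One 802.1Q subinterface per VLAN on each side. Both switch trunk ports
! must tag these VLANs: an untagged (native-VLAN) frame arrives on the
! physical interface, which no context owns here, and is dropped.
interface GigabitEthernet0.2
 vlan 2
interface GigabitEthernet1.2
 vlan 2
interface GigabitEthernet0.3
 vlan 3
interface GigabitEthernet1.3
 vlan 3
!
! A transparent context may bridge only two interfaces, and interfaces
! cannot be shared between contexts, so each VLAN gets its own context.
admin-context vlan2
context vlan2
 allocate-interface GigabitEthernet0.2 outside
 allocate-interface GigabitEthernet1.2 inside
 config-url flash:/vlan2.cfg
context vlan3
 allocate-interface GigabitEthernet0.3 outside
 allocate-interface GigabitEthernet1.3 inside
 config-url flash:/vlan3.cfg
!
! ===== context vlan2 (flash:/vlan2.cfg); vlan3 is identical with 10.0.3.0/24 =====
hostname vlan2-fw
interface outside
 nameif outside
 security-level 0
 no shutdown
interface inside
 nameif inside
 security-level 100
 no shutdown
!
! Transparent mode: the management address lives IN the bridged subnet and
! is nobody's gateway. Hosts keep using the router (say 10.0.2.1) as before.
ip address 10.0.2.254 255.255.255.0
!
! Policy is still enforced per direction. Illustrative rule set: the inside
! (host) side may start anything toward the router; from the router side only
! SSH and HTTPS to the hosts, plus ICMP echo replies (ICMP is not stateful
! here unless "inspect icmp" is enabled), are let through.
access-list OUTSIDE_IN extended permit tcp any 10.0.2.0 255.255.255.0 eq 22
access-list OUTSIDE_IN extended permit tcp any 10.0.2.0 255.255.255.0 eq 443
access-list OUTSIDE_IN extended permit icmp any 10.0.2.0 255.255.255.0 echo-reply
access-group OUTSIDE_IN in interface outside
!
! IP and ARP cross a transparent firewall by default; other EtherTypes do not.
! Pass spanning-tree BPDUs so the switches on both sides still see one tree.
access-list L2 ethertype permit bpdu
access-group L2 in interface outside
access-group L2 in interface inside
!
! Management of this context from its own bridged subnet over SSH.
ssh 10.0.2.0 255.255.255.0 inside
```

Check the result from the switches: after the insert, MAC address tables on both sides should still show the router's and hosts' addresses on the trunk ports, and spanning tree should converge with the same root as before the firewall went in. If a VLAN stops passing, the usual culprits are a VLAN on the trunk with no context (or the native VLAN arriving untagged) and a context whose inside/outside ACL blocks the first packet in that direction.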