
PIX and Dot1Q trunking

shariqashfaq
Level 1

Hello all, I have seen people's responses here about troubleshooting problems, and that gave me the boost to share one of my thoughts with you.

I have to insert a PIX (with FO chassis) in between a dot1Q trunk of a 6509 and a 3550. I know the PIX supports dot1Q trunks, but I'm confused about the PIX and switch configurations. My concerns (some sound stupid though ;) ):

1. If I define a trunk between the inside interface and a switch port, how will the PIX understand the different VLANs' packets? (I mean, will the PIX be intelligent enough to sort out the different packet tags?)

2. As far as I know, a PIX interface has to have an IP associated with it, so should I define the IP at the physical level and the VLAN trunk at the logical level?

3. When sending traffic out from the outside interface, can I do a trunk with the outside switch? How do my ACL filters work inside the PIX? Can an ACL filter packets according to their different VLAN tags from different VLANs?

4. When outside traffic is coming inside, how will my PIX see it (as it's coming through the trunk)?

Basically, I need to clear up how the PIX sees the data packets inside the trunk and how it handles them.

Any prompt reply will be appreciated; I have to implement it in 2 days :)

Regards,

SMA


milan.kulik
Level 10

Hi,

AFAIK, you can't currently use a PIX to check traffic on an L2 line between two switches. This feature (transparent FW) is promised in the upcoming PIX v.7.

You can configure a trunk connection to the PIX to define logical subinterfaces, very similar to a "router on the stick" configuration.

But you have to assign an IP address to each subinterface and route traffic between them.

See http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113411 for details.

Regards,

Milan
