02-28-2006 04:18 PM - edited 03-09-2019 02:06 PM
Hi,
I have a PIX-515 trunked to a Cisco 2950 switch. Below is a subset of the config.
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet2 vlan1 physical
interface ethernet2 vlan5 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif vlan5 partnernet security50
When I bring this up it works for a while and then stops. The show interface output shows incremented errors on the VLAN.
interface ethernet2 "dmz" is up, line protocol is up
Hardware is i82559 ethernet, address is 0002.b3ef.eeec
IP address 10.101.101.1, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
24092165 packets input, 4214593690 bytes, 0 no buffer
Received 668824 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
20834882 packets output, 2891467650 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/47)
output queue (curr/max blocks): hardware (0/32) software (0/1)
5062 aggregate VLAN packets input, 345727 bytes
1227 aggregate VLAN packets output, 59758 bytes
24080969 vlan1 packets input, 17098671264 bytes
20794760 vlan1 packets output, 15756502741 bytes
2508 invalid VLAN ID errors, 3625 native VLAN errors
interface vlan5 "partnernet" is up, line protocol is up
Hardware is i82559 ethernet, address is 0002.b3ef.eeec
IP address 10.11.139.130, subnet mask 255.255.255.128
MTU 1500 bytes, BW 100000 Kbit full duplex
5062 packets input, 345727 bytes
94 packets output, 4420 bytes
What am I doing wrong here?
03-06-2006 01:36 PM
The issue may be due to:
PIX stops receiving high rate traffic at VLAN interface
OSPF redistribute connected vlan fails on physical
Firewall can be connected to 100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch.
03-06-2006 08:40 PM
What is the dmz interface connected to, and how is that port configured?
03-07-2006 05:44 AM
The DMZ port is connected to a 2950 switch port set as 100/full trunk mode. The following commands were issued on the switch side.
config t
int fa0/1
switchport mode trunk
switchport trunk native vlan1