Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
3
Replies

PIX-515 VLAN errors

smunzani
Level 1
Level 1

‎02-28-2006 04:18 PM - edited ‎03-09-2019 02:06 PM

Hi,

I have a PIX-515 trunked to Cisco 2950 switch. Below is subset of the config.

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

interface ethernet2 vlan1 physical

interface ethernet2 vlan5 logical

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

nameif vlan5 partnernet security50

When I bring this up it works for a while and then stops. The show interface shows incremented errors on vlan.

interface ethernet2 "dmz" is up, line protocol is up

Hardware is i82559 ethernet, address is 0002.b3ef.eeec

IP address 10.101.101.1, subnet mask 255.255.255.0

MTU 1500 bytes, BW 100000 Kbit full duplex

24092165 packets input, 4214593690 bytes, 0 no buffer

Received 668824 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

20834882 packets output, 2891467650 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/47)

output queue (curr/max blocks): hardware (0/32) software (0/1)

5062 aggregate VLAN packets input, 345727 bytes

1227 aggregate VLAN packets output, 59758 bytes

24080969 vlan1 packets input, 17098671264 bytes

20794760 vlan1 packets output, 15756502741 bytes

2508 invalid VLAN ID errors, 3625 native VLAN errors

interface vlan5 "partnernet" is up, line protocol is up

Hardware is i82559 ethernet, address is 0002.b3ef.eeec

IP address 10.11.139.130, subnet mask 255.255.255.128

MTU 1500 bytes, BW 100000 Kbit full duplex

5062 packets input, 345727 bytes

94 packets output, 4420 bytes

What am I doing wrong here?

Labels:
0 Helpful
3 Replies 3

pradeepde
Level 5
Level 5

‎03-06-2006 01:36 PM

The issue may be due to

PIX stops receiving high rate traffic at VLAN interface

OSPF redistribute connected vlan fails on physical

Firewall can be connected to 100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch.

0 Helpful

pgalligan
Level 1
Level 1

‎03-06-2006 08:40 PM

What is the dmz interface connected to, and how is that port configured?

0 Helpful

smunzani
Level 1
Level 1
In response to pgalligan

‎03-07-2006 05:44 AM

DMZ port is connected to a 2950 switch port set as 100/full Trunk mode. Following commands were issued on switch side.

config t

int fa0/1

switchport mode trunk

switchport trunk native vlan1

0 Helpful
Customers Also Viewed These Support Documents