Beginner

Setting up VLAN in a 506e

Inside hosts are connected to an L2 2950. The PIX 506E inside interface is also connected to this switch, and the outside interface of the 506E is connected to a 2600, which is our T1 router.

All works smoothly.

I just need to create VLANs on this PIX so I can put my mail server in one and all my hosts in the other.

What are the commands or links so I can do this?

thanks

6 REPLIES
Enthusiast

Hello,

You're going to have problems with this. You won't be able to route between the VLANs on the 506E. I'm not even sure the 506 supports VLANs; I thought it was only on the 515s.

Patrick

The 506E does support VLANs. It supports up to 2, for a total of 4 interfaces.

In fact, I had this setup done before, but we had to swap the firewall because the old one got fried.

Now, you mentioned routing, but like I said, when I had this going before, my INSIDE_VLAN and my DMZ_VLAN used to see each other. Perhaps I had them wide open, but I don't know. I had this setup done with the help of a Cisco CCNA tech.

Can you explain a bit more what you mean by not being able to route between the VLANs? Excuse the basics, but I am just starting :)

thanks

Contributor

Hello,

Check this link for details on the configuration:

Configuring PIX Firewall with VLANs

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113437

Keep in mind that the 506E only supports two VLANs (but from your post it sounds like that is all you need).

Regards,

GNT

Beginner

Hi Angel,

I think this example is what you are looking for. Remember the switch port must be configured in VLAN trunk mode and belong to both VLAN IDs.

!
interface Ethernet0
 description connected internet
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.248
!
interface Ethernet1
 description physical interface to switch
 no nameif
 no security-level
 no ip address
!
interface Ethernet1.1
 description VLAN 1, default LAN for all computers
 vlan 1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1.4
 description VLAN 4 used for the mail server
 vlan 4
 nameif mail
 security-level 60
 ip address 10.10.10.1 255.255.255.0
!

Greetings Volker
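The switch side of the trunk mentioned in the post above, as an added example that is not part of the original thread: a Catalyst 2950 port trunking VLANs 1 and 4 to the firewall, with access ports for the mail server and the hosts. The port numbers, VLAN names and the unused native VLAN 999 are assumptions, and the native-VLAN line assumes the firewall subinterface for VLAN 1 expects tagged frames.

```cisco
! Added example: Catalyst 2950 side of the firewall trunk.
! Assumed ports: Fa0/1 = PIX Ethernet1, Fa0/2 = mail server,
! Fa0/3-24 = inside hosts. Adjust to the real cabling.
!
! Global-config VLAN creation assumes a 2950 image that supports
! config-vlan mode; older images use "vlan database" instead.
vlan 4
 name MAIL
!
vlan 999
 name UNUSED-NATIVE
!
interface FastEthernet0/1
 description 802.1Q trunk to PIX Ethernet1
 switchport mode trunk
 ! Carry only the two VLANs the firewall has subinterfaces for.
 switchport trunk allowed vlan 1,4
 ! The native VLAN is sent untagged and defaults to 1. Moving it to an
 ! unused VLAN makes the switch tag VLAN 1 frames on this trunk
 ! (assumption: the firewall's VLAN 1 subinterface expects tags).
 switchport trunk native vlan 999
 ! Static trunk, no DTP negotiation with the firewall port.
 switchport nonegotiate
!
interface FastEthernet0/2
 description Mail server
 switchport mode access
 switchport access vlan 4
 spanning-tree portfast
!
interface range FastEthernet0/3 - 24
 description Inside hosts
 switchport mode access
 switchport access vlan 1
 spanning-tree portfast
!
```

`show interfaces trunk` and `show vlan brief` on the switch confirm which VLANs are active on the trunk and which ports are in each VLAN. With the mail server and the hosts in separate VLANs that both terminate on the firewall, traffic between them has to pass through the firewall's rules rather than being switched directly.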

Hi Volker,

I am following your steps, but I would like to know why there is no security level on interface ethernet1.

Would it matter? Or do I have to put the command "no nameif ethernet1 inside security100"?

Beginner

interface ethernet0 100full
interface ethernet1 100full
interface ethernet1 vlan10 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan10 DMZ security25

Here's an example that might work for you.
