Solved: Trunk between PIX and Catalyst switch

rvr_76bg · ‎08-13-2008

Hello,

Yesterday I got extremely good response from the forum how to create VLANs on PIX, I created the subinterfaces and assigned VLANs to them. I configured IP addresses as well. Did the same on the Cat Switch - created SVI and assined them IP add respectivly. Cat Switch shows its port is trunking properly but I cannot ping from PIX to the Switch and vice versa. Please help.

rvr

Farrukh Haroon · ‎08-13-2008

Is it possible for you to post the configuration of the PIX? At least the interface configuration?

And the trunk interface configuration on the switch?

Regards

Farrukh

View solution in original post

massimiliano.serafino · ‎08-13-2008

Hi,

In the interface configuration mode did you use the command:

vlan vlan_id

That is did you put the interface in the proper vlan?

Is the encapsulation type on the Catalyst set to 802.1q?

Massimiliano.

rvr_76bg · ‎08-13-2008

I used vlan 10 in subinterface config mode.

I assigned an IP as well. Named the subinterface as TEST and issued no shut. The configuration on the Cat is OK. Encapsulation is dot1q. I have two SVI int vlan 1 and int vlan 10. sh int f1/1 trunk on the Cat shows the post is trunking for VLAN 1 and 10, which is what I want to see.

When I try to ping from the PIX to the Cat, the PIX doesnt know where to go for that IP (in this case IP add of the VLAN 10 SVI on the Cat). The PIX is missing some more configs I think.

Regards,

rvr

Farrukh Haroon · ‎08-13-2008

Do the native vlan bit, then do 'show arp' on PIX (and switch) also to see if they are seeing MACs of each other.

Regards

Farrukh

Farrukh Haroon · ‎08-13-2008

Try to set the native vlan of this trunk port (on the switch) same as the vlan you assigned on the PIX sub-interface. I know it makes no sense, but I'm tell you from past experiences(s), so just do it :)

Then check.

Regards

Farrukh

rvr_76bg · ‎08-13-2008

Configured the NAtive VLAN on the Cat the same as the PIX su interface and still no connection.

Did sh arp - On the PIX didnt get anythig. On the Cat I got only the MAC addresses on SVI/s,

so they dont see each other.

rvr

Farrukh Haroon · ‎08-13-2008

Is it possible for you to post the configuration of the PIX? At least the interface configuration?

And the trunk interface configuration on the switch?

Regards

Farrukh

rvr_76bg · ‎08-13-2008

Here are the configs. Thank you for your help.

regards,

Farrukh Haroon · ‎08-13-2008

Please add this on the switch:

!

interface FastEthernet1/1

switchport trunk encapsulation dot1q

And then see how it goes. Shut/Unshut the port just in case.

Please send output of 'show interfaces trunk' after this.

Regards

Farrukh

rvr_76bg · ‎08-13-2008

Here is the output of sh int f1/1 switchport and sh int f1/1 trunk.

switchport trunk encap dot1q was already inserted.

Farrukh Haroon · ‎08-13-2008

Try this (I know this makes no sense for trunk ports once again) but on the switch

int fa 0/1

switch access vlan 10

And try rebooting both the switch and the firewall if possible. You can also try to change the interface/port on the switch.

Regards

Farrukh

Farrukh Haroon · ‎08-13-2008

Also is the port up/up on the PIX if you do 'show interface'. You should also see a route for this subnet when you do 'show route' on the PIX?

Regards

Farrukh

rvr_76bg · ‎08-13-2008

This subnet is shown as direcrtly connected to "test" interface when I issued sh route on the PIX, which is perfect.

Both int on the PIX e1 and int e1.1 are UP and UP.

Regards,

Farrukh Haroon · ‎08-13-2008

Did you put the switch access vlan 10 commanD?

Regards

Farrukh

rvr_76bg · ‎08-13-2008

No I didn't because I will covert the port from trunk to access and I need this port to carry more than one VLAN. That's my idea to use one Physical port for many VLAN/s on the PIX. On the Switch I will configure several client VLANs that will communicate with the PIX over the trunk. The clients will access their site over VPN (different tunnels) from my network. I am running out of physical ports.

Regards,

rvr