Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Multiple VLAN on switch port

Status
Not open for further replies.
ErrolDC

ErrolDC

MIS
Joined
May 26, 2004
Messages
72
Location
US
** Same post is in PIX Forums **
I am trying to determine the best approach complete a task that I have set before me. I wanted to ping this community see what others would have to say.

I have a PIX 515E with 6 physical interfaces. One of these interfaces is responsible for firewalling/segmenting a network that is specifically reserved for building tenants of my company. The interface physically connects to a swithport on a 6506. The idea is to connect each of our tenants to a port the 6506 and segment them through vlans. Each tenant will be on a separate vlan. This seperates the tenants from each other and from our network, however, the PIX firewall will be their gateway so the PIX needs to reside on the same vlan as each tenant.

I am aware that the PIX I have only supports 10 total interfaces, which means got only got 4 interfaces to play with for VLAN stuff. However, I don't need the vlan information to route through the PIX. The vlan stuff can be stripped before the packet exits the interface physically connected to the switch. What I am interested is binding multiple VLANS to a single switch port so that all my tenant vlans can communicate with their gateway. Is this possible to do? Or is there another way I can do what I need to do?

Thanks for your thoughts.
 
Sort by date Sort by votes
Try to inform yourself about VLAN trunking. This might be what you are looking for...
bye,
busche
 
Upvote 0 Downvote
Thanks for the reply.
I am already familiar with trunking. However, what I do not know is if the PIX supports ISL or the 802q.11 standard.
Also, is that the only way I can achieve what I am looking to do?


 
Upvote 0 Downvote
I would think it would support 802.1Q seeing that is the defacto standard for trunking and ISL is a old Cisco proprietory technology.
 
Upvote 0 Downvote
Thanks for all the responses.
Last question please. Is it possible to have an interface belong to more than one VLAN and it not require trunking and be totally transparent to the host connected to the interface/port? I do not need the host to be aware of the VLAN information. In this case, all I care about is the 6509 allowing every vlan to communicate with the VLAN that the PIX is in..

 
Upvote 0 Downvote
Why not make the 6509 the gateway? is it not L3 capable? I would setup point to point subnets on each tenant and terminate them on the 6509 ports assigning each ptp subnet to a different vlan. that would take care of the security issue. use access-lists to limit traffic between subnets. then just use the pix for what its meant for, firewalling/ids/vpn. dot1q trunking is possible with the pix however it would be better to use the switch for vlan layer2 related activities as that is what it was designed to do.

Good luck.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
 
Upvote 0 Downvote
The answer to your question is YES. Look up PVLANs. This will allow the interface of the PIX firewall to connect to a switch port that is configured for more multiple VLANs while the end host is connected to a port that is configured for a specific VLAN

Thanks for all the responses.
Last question please. Is it possible to have an interface belong to more than one VLAN and it not require trunking and be totally transparent to the host connected to the interface/port? I do not need the host to be aware of the VLAN information. In this case, all I care about is the 6509 allowing every vlan to communicate with the VLAN that the PIX is in..


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
798
madwok
madwok
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
561
CPM86
CPM86
Zero6
  • Locked
  • Question Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
504
Zero6
Zero6
testman1
  • Locked
  • Question Question
SIP telephone ring on second call
Replies
0
Views
444
testman1
testman1
stanlyn
  • Locked
  • Question Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
651
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top