[c-nsp] Vlans + PIX 515

Rubens Kuhl Jr. rubensk at gmail.com
Thu Sep 21 20:10:46 EDT 2006


No, a port on a Cisco switch can be a member of only 1 normal VLAN.

If your switch supports Private VLANs, you can put the firewall port
on the master VLAN that talks with everybody else, and servers/users
restricted to talk only to the firewall.

Rubens


On 9/21/06, Eusebio López <eusebio at palmanet.net> wrote:
> Thank you very much. It already works.
>
> A last question. I am using a Cisco Catalyst. I have defined 2 VLANs.
>
> Could I have the same port in several VLANs?
>
> Cheers.
>
>
> -----Original Message-----
> From: Amol Sapkal [mailto:amolsapkal at gmail.com]
> Sent: Wednesday, 20 September 2006 16:07
> To: Shakeel Ahmad
> CC: Eusebio López; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Vlans + PIX 515
>
> Hi,
>
> On 9/20/06, Shakeel Ahmad <shakeelahmad at gmail.com> wrote:
> > prepare this interface as a trunk and there you go - you can have multiple
> > virtual interfaces (related to VLAN) on your PIX - number of interfaces
> > depends on your license.
> >
>
> If I am not wrong, you need not specify the PIX interface as a trunk
> (there is no such command, AFAIK). What is needed is to convert the
> uplink port to the switch as a trunking port.
>
> Eusebio,
>
> The config is as simple as:
>
> interface ethernet2 vlan100 physical
> interface ethernet2 vlan200 logical
> !
> nameif vlan100 XYZ securityXX
> nameif vlan200 ABC securityYY
> !
>
> HTH,
> Amol
>
>
> >
> >
> >
> >
> > On 9/20/06, Eusebio López <eusebio at palmanet.net> wrote:
> > >
> > > hi,
> > >
> > >
> > >
> > > I have a PIX 515 and on one of the interfaces I am running out of IP
> > > addresses.
> > >
> > >
> > >
> > > Could I configure a different address on the same interface by creating
> > > 2 VLANs on the PIX?
> > >
> > >
> > >
> > > Cheers.
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
>
>
> --
> Warm regards,
>
> Amol Sapkal
>
> -------------------------------------------------------------------
> "When I'm not in my right mind, my left mind
> gets pretty crowded"
> -------------------------------------------------------------------
>
>
>
>
>
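
The Private VLAN layout suggested in the reply at the top of this message, as an added example that is not part of the original thread: the firewall port is promiscuous on the primary VLAN and the server/user ports are isolated, so they can reach the firewall but not each other. The VLAN IDs (300, 301) and interface numbers are constructed placeholders, and the commands assume a Catalyst running IOS that supports Private VLANs.

```cisco
! Added example. VLAN IDs and interface numbers are placeholders (assumptions).
! Private VLANs require VTP transparent mode on VTP version 1/2 switches.
vtp mode transparent
!
! Secondary VLAN: hosts placed here cannot talk to each other.
vlan 301
 private-vlan isolated
!
! Primary VLAN: carries traffic between the promiscuous port and the hosts.
vlan 300
 private-vlan primary
 private-vlan association 301
!
! Port facing the firewall: promiscuous, reachable from every host port.
interface FastEthernet0/1
 description firewall interface
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 300 301
!
! Server/user ports: isolated, can reach only the promiscuous port.
interface range FastEthernet0/2 - 24
 description servers and users
 switchport mode private-vlan host
 switchport private-vlan host-association 300 301
!
! Checks after applying:
!   show vlan private-vlan
!   show interfaces FastEthernet0/2 switchport
```

All host ports and the firewall interface share one IP subnet in this layout; the isolation is enforced at layer 2 by the switch, so traffic between hosts has to pass through the firewall to be permitted at all.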


