[c-nsp] [Slightly OT]: Silly Question
Tim Donahue
tdonahue at vonsystems.com
Wed Feb 9 17:28:57 EST 2011

Sorry for the slightly OT question, but my google-fu can't seem to find
a definitive answer for this.

We recently replaced our Checkpoint firewall with a Fortigate FW and our
business requirements have grown for the FW. We need to set up a
virtual domain with a new network to meet the new requirements, and I
want to create this using the existing external interface and add a .1q
tagged VLAN for the virtual domain. According to the Fortigate
documentation, there should be no problem configuring this on the firewall.

The firewall is directly connected to a Cisco 3845 using the built-in
gig 0/0 port. If it is possible, I would like to leave the existing
subnet as untagged so we don't need to interrupt traffic to the
firewall. I would like to add the second subnet on a dot1q tagged
subinterface. If memory serves me correctly, the configuration below
should accomplish this, but it has been quite a while since the last time
I worked with a Cisco router.

interface gigabitEthernet 0/0
 ip address 10.1.10.1 255.255.255.0
!
interface gigabitEthernet 0/0.20
 encapsulation dot1q 20
 ip address 10.1.20.1 255.255.255.0
!

In the end, it all boils down to a couple of questions.

Can the internal Gigabit interfaces on the 3845 support VLAN tagging, or
would I need the HWIC-1GE-SFP, which states it supports VLAN trunking in
the data sheet?

Do routed interfaces on the 3845 offer the ability to support tagged and
untagged traffic as configured above?

Thank you,
Tim Donahue