Re: Private VLANS without promiscuous port

From: Chris Breece <cbreece1_at_gmail.com>
Date: Thu, 30 Apr 2009 18:05:01 -0400

Would putting the pix in a community vlan with the other hosts do the trick?

Chris

On Thu, Apr 30, 2009 at 11:40 AM, Ryan West <rwest_at_zyedge.com> wrote:

> Gary,
>
> You'll need one port configured as promiscuous to forward traffic beyond
> your isolated / community ports. Can you change your PIX port to an access
> port, configure it as promiscuous and then trunk another interface on the
> PIX (assuming you want to use dot1q interfaces on the PIX)?
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Gary Braver
> Sent: Thursday, April 30, 2009 11:24 AM
> To: ccielab_at_groupstudy.com
> Subject: Private VLANS without promiscuous port
>
> Experts.
>
> Been reading / testing private vlans and am stumped on how to make work
> when there are no promiscuous ports.
>
> Setup is that I have a 3560 switch in transparent mode and it has a trunk
> connection to a pix firewall. The firewall is the default gateway for the
> primary vlan so there are no promiscuous ports on the switch.
>
> Is this possible?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Thu Apr 30 2009 - 18:05:01 ART
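
The layout Ryan describes, sketched as a Catalyst IOS configuration. This is an added example, not configuration posted in the thread; the VLAN numbers (100, 101, 102) and interface names are assumptions chosen for illustration.

```cisco
! Added example: VLAN IDs and interface names are assumed, not from the thread.
! The switch is already in VTP transparent mode, as stated in the original post.
vtp mode transparent
!
! Secondary VLANs: one isolated, one community.
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
!
! Primary VLAN, associated with both secondaries.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Port facing the PIX: an access-type promiscuous port instead of a trunk.
! It can exchange traffic with every host in secondary VLANs 101 and 102.
interface FastEthernet0/1
 description Link to PIX (default gateway for primary VLAN 100)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Isolated host port: reaches only the promiscuous port, no other host.
interface FastEthernet0/2
 description Isolated host
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Community host ports: reach each other and the promiscuous port,
! but not the isolated host on Fa0/2.
interface range FastEthernet0/3 - 4
 description Community hosts
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
```

`show vlan private-vlan` and `show interfaces FastEthernet0/1 switchport` confirm the primary/secondary association and the promiscuous mapping once the configuration is applied.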

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:13 ART