Yes, you need an IP on the vlan11 interface. Also, you need to observe the
rules of interfaces with the same security level. I'm not sure if you are
configuring that way by design or just testing.
See the configuration guide for VLANs in 6.3 here:
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113411
Mark
#17755, Security
On Fri, Jun 25, 2010 at 4:29 AM, hopalong <ccieangel2_at_googlemail.com> wrote:
> Hi
>
> Can anyone give me some help with a pix? I need 2 vlans on ethernet1
> (inside) and a different one on ethernet 0 (outside) but I can't get the
> config to work..
>
> PIX Version 6.3(5)
> interface ethernet0 100full
> interface ethernet1 vlan2 physical
> interface ethernet1 vlan11 logical
> interface ethernet2 100full
> interface ethernet3 auto
> interface ethernet4 auto shutdown
> interface ethernet5 auto shutdown
>
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif vlan11 vlan11 security100
>
> Do I need to put an IP on the vlan 11 interface? Have I got the wron end of
> the stick?!!
>
> Thanks!
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 25 2010 - 08:23:46 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:38 ART