The PIX DOESN'T currently support vlan tagging at all...neither Dot1q or ISL.
Kevin Rik Guyler wrote: > Well, you're close. The tag will get removed if the VLAN information is > necessary in a given location (switch). In other words, the tag is only > permanently removed by the last switch to "touch" it before the frame > actually arrives at the final destination. If a given switch is not the > last switch to touch the frame, the tag will be reapplied to the frame > before it leaves the fabric and gets forwarded to the next switch in line. > > Since routing (Layer 3 switching, etc.) is the mechanism to move packets > back and forth from the PIX, the 6509 will be the last switch to touch the > frame so the tag would be removed by the time it reaches the PIX. In any > case, since the PIX uses routing to discriminate between networks, not VLAN > tagging, it would have no knowledge of the tag. A layer 2 bridge will > forward the tagged frame and maybe not recognize the tag but the PIX being a > Layer 3/4 device may not even pass a tagged frame, let alone recognize the > tag. > > I would think that your best chance for the PIX to forward tagged frames > would be with Dot1Q as it embeds the tag inside of the frame whereas ISL > encapsulates the frame, which the PIX might take exception. Of course, > stateful inspection might not like a Dot1Q frame either. > > I am curious about what scenario you have that you would want to pass tagged > packets outside of the PIX? The only scenario I can think of is you are > using a PIX between LANs. Is this correct? > > Rik > > -----Original Message----- > From: Robert [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 06, 2002 7:50 PM > To: [EMAIL PROTECTED] > Subject: Re: Pix and vlan [7:34663] > > > I have my PIX 520 interfaces hanging of a 6509 in multiple VLANs with no > issues. > > But doesn't traffic get tagged only when it crosses a trunk or the switch > fabric? I thought that once it left the switch fabric, the tagging is > removed. > > Robert > > ""Bates, Steven (SIGNAL)"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >>No I was referring to when a PIX is being hung off a switch, and if the >> > PIX > >>can pass tagged traffic, (i.e. frames) in switched network. Sorry about >> > the > >>confusion >> >>-----Original Message----- >>From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] >>Sent: Wednesday, February 06, 2002 2:39 PM >>To: [EMAIL PROTECTED] >>Subject: Re: Pix and vlan [7:34663] >> >> >>I never knew the pix was even capable of VLAN's.... >> >> >>>>>"Bates, Steven (SIGNAL)" 02/06/02 03:03PM >>> >>>>> >>Has anyone heard of the PIX having problems passing tagged packets as in >>dot1q and how about ISL? I did some testing before with the Lucent Brick >>and it could not deal with tagged packets. I know the the new Bricks will >>handle it, but don't know about the PIX. Specifically 6.0 >> >>Steven Kell Bates >> >>>>>>>>>>>>>>> Confidentiality Disclaimer This email and any files >>>>>>>>>>>>>>> > transmitted with it may contain confidential and > >>/or proprietary information in the possession of WellStar Health System, >>Inc. ("WellStar") and is intended only for the individual or entity to >> > whom > >>addressed. This email may contain information that is held to be >>privileged, confidential and exempt from disclosure under applicable law. >> > If > >>the reader of this message is not the intended recipient, you are hereby >>notified that any unauthorized access, dissemination, distribution or >>copying of any information from this email is strictly prohibited, and may >>subject you to criminal and/or civil liability. If you have received this >>email in error, please notify the sender by reply email and then delete >> > this > >>email and its attachments from your computer. Thank you. >> >>================================================================ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34722&t=34663 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
