Thanks for all the help and insight into the issue I was having with vlan interfaces on R61. I got things working, and it wasn't my Cisco config. In case anyone is interested, here is a quick summary of what I found:
When I first installed SecurePlatform on my test box many years ago, it originally only had two NIC cards. Over the years I added two more (at different times) by just shutting the system down adding the cards, restarting, and they would show up and I'd configure them (all 3C905B or C). This was the state of the box when I went to configure/test vlans last week. I couldn't get anything to work and posted to this forum. Well, this morning, I finally decided to just reload the box. During installation where it shows the link status of all interfaces, I discovered that the positions had changed (eth0, eth1, eth2, eth3) from where I had them marked before the reload. Hmmm... I finished the installation, got connected via the GUI and loaded a basic policy. I decided to try the VLAN stuff before doing a restore of my production config, and lo and behold, it worked! So... even though my interfaces were working as they were labeled before, once I started configuring the VLANs, something was keeping the VLANs from working until I completely reloaded. Don't really understand, but it's working, and that's all I care about right now! I've preconfigured my backup box with my new vlan config to slide into place tonight, so once I get my "production" box on the bench, I'll probably just be reloading that one also. Thanks again, Jason -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Hugo van der Kooij Sent: Monday, November 15, 2010 8:38 AM To: [email protected] Subject: Re: [FW-1] multi-VLANs to Cisco Catalyst On Fri, 12 Nov 2010 13:11:11 -0500, "Ebersole, Jason" <[email protected]> wrote: > I've found various information online about how to do this, and I'm > not sure what else to try. Before beating my head against the wall > some more, I thought I'd share my config and hope someone can provide > some insight. First, I'm still on SecurePlatform R60, so be nice! R60 is rather buggy in this regard. So your setup may be hosed in that regard. I know I did get some hotfixes in those days to resolve some hideous bugs in R60. Which means that would invalidate the setup. Then there is serious doubt wether or not the 3C905 cards can handle VLAN information. And I have had some tickets with Check Point in regard to VLAN's where we always needed to assign an IP address to the native VLAN (aka: eth3) Hugo. -- [email protected] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
