Announcement

**tranmyphuc** · 24-12-2008, 01:26 AM

Originally posted by minhnkt View Post

Em có một con pix 515e. và có 3 net: 10.0.1.0 10.0.2.0 10.0.3.0. Em muốn ping được lẫn nhau thì phải cấu hình như thế nào ạ??

Các bác chi tiết cho em được thì tốt, hịk hik, em cám ơn nhìu nhìu:-S:-S

Chào ,
Có phải là bạn muốn định tuyến Vlan cấu hình trên PIX ?
Nếu vậy bạn xem cấu hình bên dưới :
Thực hiện cấu hình theo qui trình sau:

Step 1 Assign the interface speed to a physical interface by entering the following command:

Code:

interface ethernet0 auto

Step 2 Assign VLAN2 to the physical interface (ethernet0) by entering the following command:

Code:

interface ethernet0 vlan2 physical

By assigning a VLAN to the physical interface, you ensure that all frames forwarded on the interface will be tagged. VLAN 1 is not used because that is the default native VLAN for Cisco switches. Without the physical parameter, the default for the interface command is to create a logical interface.

Step 3 Create a new logical interface (VLAN3) and tie it to the physical interface (ethernet0) by entering the following command:

Code:

interface ethernet0 vlan3 logical

This will allow the PIX Firewall to send and receive VLAN-tagged packets with a VLAN identifier equal to 3 on the physical interface, ethernet0.

Step 4 Configure the logical and physical interfaces by entering the following commands:

Code:

nameif ethernet0 outside security0
nameif vlan3 dmz security50
ipaddress outside 192.168.101.1 255.255.255.0
ipaddress dmz 192.168.103.1 255.255.255.0

The first line assigns the name outside to ethernet0 (the physical interface) and sets the security level to zero. The second line assigns the name dmz to vlan3 (the logical interface) and sets the security level to 50. The third and fourth lines assign IP addresses to both interfaces.

After this configuration is enabled, the outside interface sends packets with a VLAN identifier of 2, and the dmz interface sends packets with a VLAN identifier of 3. Both types of packets are transmitted from the same physical interface (ethernet0).

Một số thao tác khác hữu ích trong khi cấu hình:

Managing VLANs

To display information about the VLAN configuration, enter the following command:

Code:

show interface

To temporarily disable a logical interface, enter the following command:

Code:

interface ethernet0 vlan_id shutdown

Replace vlan_id with the VLAN ID associated with the logical interface that you want to temporarily shut down.

To change the VLAN ID of a logical interface, enter the following command:
interface change-vlan old_vlan_id new_vlan_id

Replace old_vlan_id with the existing VLAN ID and replace new_vlan_id with the new VLAN ID you want to use.

This command lets you change the VLAN ID without removing the logical interface, which is helpful if you have added a number of access-lists or firewall rules to the interface and you do not want to start over.

To disable VLAN tagging on the interface, enter the following command:
no interface ethernet0 vlan_id physical

Replace vlan_id with the VLAN ID for which you want to disable VLAN tagging.

To remove the logical interface and remove all configuration, enter the following command:

Code:

no interface ethernet0 vlan_id logical

Replace vlan_id with the VLAN ID associated with the logical interface that you want to remove.

Chúc bạn vui vẻ và hạnh phúc.

**dung_phd** · 01-09-2009, 03:26 PM

hi anh Phuc.
cho minh hoi tren pix515e tao thêm một interface logical duoc hong vay?
cach tao the nao vay?
cam on anh.

**nguyenquocle** · 03-09-2009, 07:41 PM

chào bạn,

Pix, ASA hiện nay chưa cho phép tạo interface logical

**thanhnam0707** · 04-09-2009, 03:09 PM

Asa5510 tạo được sub interface,

Cisco Security Appliance Command Line Configuration Guide, Version 7.2 - Configuring Ethernet Settings and Subinterfaces [Cisco ASA 5500-X Series Firewalls]

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html

Announcement

Cứu em với, PIX 515E

Cứu em với, PIX 515E

Comment

Comment

Comment

Comment