Well, you're close.  The tag will get removed if the VLAN information is
necessary in a given location (switch).  In other words, the tag is only
permanently removed by the last switch to "touch" it before the frame
actually arrives at the final destination.  If a given switch is not the
last switch to touch the frame, the tag will be reapplied to the frame
before it leaves the fabric and gets forwarded to the next switch in line.

Since routing (Layer 3 switching, etc.) is the mechanism to move packets
back and forth from the PIX, the 6509 will be the last switch to touch the
frame so the tag would be removed by the time it reaches the PIX.  In any
case, since the PIX uses routing to discriminate between networks, not VLAN
tagging, it would have no knowledge of the tag.  A layer 2 bridge will
forward the tagged frame and maybe not recognize the tag but the PIX being a
Layer 3/4 device may not even pass a tagged frame, let alone recognize the
tag.  

I would think that your best chance for the PIX to forward tagged frames
would be with Dot1Q as it embeds the tag inside of the frame whereas ISL
encapsulates the frame, to which the PIX might take exception.  Of course,
stateful inspection might not like a Dot1Q frame either.

I am curious about what scenario you have that you would want to pass tagged
packets outside of the PIX?  The only scenario I can think of is you are
using a PIX between LANs.  Is this correct?  

Rik
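
The difference described above between Dot1Q embedding the tag inside the frame and ISL encapsulating the whole frame, as an added example that is not part of the original post: a Python parser that classifies a raw frame, recovers the VLAN ID, and shows what a receiver that ignores tagging would read as the EtherType. The ISL offsets follow Cisco's published ISL frame layout; the MAC addresses, VLAN 34 and payload are constructed sample values.

```python
import struct

TPID_DOT1Q = 0x8100                      # IEEE 802.1Q tag protocol identifier
ISL_DA = (bytes.fromhex("01000c0000"), bytes.fromhex("03000c0000"))  # 40-bit ISL DA
ISL_HDR, ISL_FCS = 26, 4                 # ISL wraps the frame: 26-byte header, 4-byte trailer

def classify(frame: bytes) -> dict:
    """Identify the tagging on a raw Ethernet frame and recover the VLAN ID."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    # ISL: the original frame is untouched but buried behind a new outer header.
    if (len(frame) >= ISL_HDR + 14 + ISL_FCS and frame[:5] in ISL_DA
            and frame[14:17] == b"\xaa\xaa\x03"):
        vlan_bpdu, = struct.unpack_from("!H", frame, 20)   # 15-bit VLAN + 1-bit BPDU
        return {"kind": "isl", "vlan": vlan_bpdu >> 1,
                "inner": frame[ISL_HDR:-ISL_FCS]}
    ethertype, = struct.unpack_from("!H", frame, 12)
    # 802.1Q: 4 bytes (TPID + TCI) inserted between source MAC and EtherType.
    if ethertype == TPID_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, = struct.unpack_from("!H", frame, 14)
        return {"kind": "dot1q", "vlan": tci & 0x0FFF,      # low 12 bits = VLAN ID
                "inner": frame[:12] + frame[16:]}           # frame with tag stripped
    return {"kind": "untagged", "vlan": None, "inner": frame}

def naive_ethertype(frame: bytes) -> int:
    """What a device that is not VLAN-aware reads as the EtherType (offset 12)."""
    return struct.unpack_from("!H", frame, 12)[0]

# --- Constructed sample frames (MACs, VLAN 34 and payload are made up) ---
DST, SRC = bytes.fromhex("00005e005301"), bytes.fromhex("00005e005302")
PAYLOAD = bytes(46)                                          # zero-filled placeholder
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + PAYLOAD
DOT1Q = DST + SRC + struct.pack("!HH", TPID_DOT1Q, 34) + UNTAGGED[12:]
# ISL LEN field = total length minus the 18 bytes of DA, Type/User, SA, LEN and FCS.
ISL = (ISL_DA[0] + b"\x00" + SRC + struct.pack("!H", len(UNTAGGED) + 12)
       + b"\xaa\xaa\x03" + b"\x00\x00\x0c" + struct.pack("!HHH", 34 << 1, 0, 0)
       + UNTAGGED + bytes(ISL_FCS))                          # FCS left as zeros

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("dot1q", DOT1Q), ("isl", ISL)):
        r = classify(f)
        print(f"{name:9} kind={r['kind']:9} vlan={r['vlan']} "
              f"naive_ethertype=0x{naive_ethertype(f):04x}")
```

In the Dot1Q frame the value at the usual EtherType offset is 0x8100 rather than 0x0800, and in the ISL frame that offset falls inside the outer ISL header, so a receiver that does not understand either format does not find the IP EtherType where it expects it.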

-----Original Message-----
From: Robert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 7:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix and vlan [7:34663]


I have my PIX 520 interfaces hanging off a 6509 in multiple VLANs with no
issues.

But doesn't traffic get tagged only when it crosses a trunk or the switch
fabric? I thought that once it left the switch fabric, the tagging is
removed.

Robert

"Bates, Steven (SIGNAL)" wrote in message
news:[EMAIL PROTECTED]...
> No I was referring to when a PIX is being hung off a switch, and if the PIX
> can pass tagged traffic, (i.e. frames) in switched network.  Sorry about the
> confusion
>
> -----Original Message-----
> From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 06, 2002 2:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Pix and vlan [7:34663]
>
>
> I never knew the pix was even capable of VLANs....
>
> >>> "Bates, Steven (SIGNAL)"  02/06/02 03:03PM >>>
> Has anyone heard of the PIX having problems passing tagged packets as in
> dot1q and how about ISL?  I did some testing before with the Lucent Brick
> and it could not deal with tagged packets.  I know the new Bricks will
> handle it, but don't know about the PIX.  Specifically 6.0
>
> Steven Kell Bates




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34712&t=34663