07-26-2007 03:25 PM - edited 03-05-2019 05:31 PM
doing a switch migration/consolidation into a 4500. I am trying to consolidate a 3512 DMZ switch into a 4506 with a 24-port FE card (among others).
Current DMZ 3512 switch is VLAN 1 10.1.1.254/24 --> Gateway is 10.1.1.1 (ASA5510)
How would I go about moving this to a 4500 using FE ports 3/9 - 3/16 on a 24-port card in slot 3?
I alread have a VLAN created for internal network on the 4500 - VLAN1 192.168.100.xx - so moving the DMZ into the 4500 is giving me trouble. Would I need to create another VLAN, set the 3/9-16 ports to trunk ports?
07-26-2007 04:09 PM
You would create a new VLAN and then assign those ports to the VLAN, they would not be trunk ports. Let's say you create VLAN 10, you would then assign the ports to the VLAN:
switch#conf t
switch(config)#int range f3/9 - 16
switch(config-if-range)#switchport access vlan 10
!
For security reasons many people would advise you against collapsing the DMZ onto a switch that is also host to your internal network. As long as the routed interface for this network is on the ASA and not the 4500, you can minimize your exposure somewhat. You should turn off CDP, PAgP/LACP, etc. You might also consider changing your inside VLAN from VLAN 1 to a numbered VLAN.
07-26-2007 04:35 PM
I have tried that and still cannot get connectivity. I assigned VLAN2 to those ports exactly like your example and I cannot ping the ASA - what could I be missing?
Does the sw version matter?
Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA8, RELEASE SOFTWARE (fc1)
07-27-2007 12:56 AM
Hi
No you shoud be able to do this with the switch you have as your are using it purely as a layer 2 switch in this instance.
Can you post a copy of the ASA config, minus any sensitive info, plus the output of a "sh vlan" on the 4500.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide