ASA5505 vlan routing with C2960

Unanswered Question
Aug 28th, 2007

Hi, I need to have vlans on my C2960 routed using an ASA.

- Do I need to using VLAN interfaces or subinterfaces?

- Does the port connecting to the 2960 need to be trunked?

Here is the config I was planning on adding on the ASA:

#### CONFIG BEGIN ####

interface vlan 100

nameif outside

security-level 0

ip address 10.0.1.254 255.255.255.0

no shutdown

interface vlan 101

nameif mgmt

security-level 100

ip address 10.1.1.254 255.255.255.0

no shutdown

interface vlan 102

nameif ClassII

security-level 50

ip address 10.2.1.254 255.255.255.0

no shutdown

interface vlan 103

nameif ClassIII

security-level 50

ip address 10.3.1.254 255.255.255.0

no shutdown

interface vlan 104

nameif Acronis

security-level 50

ip address 10.4.1.254 255.255.255.0

no shutdown

interface vlan 105

nameif PreProd

security-level 50

ip address 10.5.1.254 255.255.255.0

no shutdown

interface ethernet 0/0

switchport access vlan 100

ip addr 70.X.X.X 255.255.X.X

no shutdown

interface ethernet 0/1

switchport mode trunk

switchport trunk allowed vlan 101-105

no shutdown

same-security-traffic permit inter-interface

#### CONFIG END ####

Also, if using same-security-traffic, can I still use access-lists to filter traffic between the vlans?

Thanks for the help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Actions

This Discussion