ASA5505 vlan routing with C2960

alexandre.paradis · ‎08-28-2007

Hi, I need to have vlans on my C2960 routed using an ASA.

- Do I need to using VLAN interfaces or subinterfaces?

- Does the port connecting to the 2960 need to be trunked?

Here is the config I was planning on adding on the ASA:

#### CONFIG BEGIN ####

interface vlan 100

nameif outside

security-level 0

ip address 10.0.1.254 255.255.255.0

no shutdown

interface vlan 101

nameif mgmt

security-level 100

ip address 10.1.1.254 255.255.255.0

no shutdown

interface vlan 102

nameif ClassII

security-level 50

ip address 10.2.1.254 255.255.255.0

no shutdown

interface vlan 103

nameif ClassIII

security-level 50

ip address 10.3.1.254 255.255.255.0

no shutdown

interface vlan 104

nameif Acronis

security-level 50

ip address 10.4.1.254 255.255.255.0

no shutdown

interface vlan 105

nameif PreProd

security-level 50

ip address 10.5.1.254 255.255.255.0

no shutdown

interface ethernet 0/0

switchport access vlan 100

ip addr 70.X.X.X 255.255.X.X

no shutdown

interface ethernet 0/1

switchport mode trunk

switchport trunk allowed vlan 101-105

no shutdown

same-security-traffic permit inter-interface

#### CONFIG END ####

Also, if using same-security-traffic, can I still use access-lists to filter traffic between the vlans?

Thanks for the help.

srue · ‎08-30-2007

If you haven't seen this guide already, here:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html

"Configuring Interfaces for the Cisco ASA 5505 Adaptive Security Appliance"