06-18-2008 12:07 PM - edited 02-21-2020 02:53 AM
I'm attempting to set up a new ASA 5510 with a VLAN but there are no VLAN commands that appear to be available to me. The documentation says it supports up to 10 VLANs. Am I missing something? Is it a licensing issue?
Thanks.
06-18-2008 04:59 PM
What do you have for a license? The 5510 base license supports up to 50 VLANs.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
There are no VLAN commands per se; you need to implement 802.1q trunking. In other words, configuring subinterfaces in the firewall automatically enables trunking: trunk to your switch, and create L2 VLANs on the switch for each corresponding subinterface created in the firewall.
Check this link
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1044006
Rgds
-Jorge
06-18-2008 05:21 PM
Hi,
I have (2) 5510's with base licenses, but running v7.0(7). I guess I probably should upgrade :). They are only a few months old and haven't been turned on in production yet.
In one document I read that it supports 10, but another indicated that you needed Security+ to support 10. It looks like it changed with v8 firmware. I was in the wrong place when I attempted to use the vlan command as I was on the interface, not a sub-interface. On a sub-interface, it worked and let me add a VLAN.
I'm working with an HP ProCurve 3400cl L3 switch and HP recommended setting up multiple VLANs to simplify routing. But I have a site that is still using a PIX 506, and I'm not sure that those support VLANs. I need to upgrade them (since the PIX is EOL), but that isn't possible until later this year or early next. I've not used VLANs before as the networks are fairly small (< 50 hosts) and didn't have a need. Any docs that you can point me to would be appreciated!
06-18-2008 05:46 PM
Yes, 7.0(7) is GD as well as 7.0.8 GD is said to be most stable; however, in my personal opinion, since your 5510s are not in production, you may as well upgrade them to the latest version 8.0(3) and take advantage of many features that 7.x does not have.
I also recommend to have Security plus license. I am soon upgrading our PIXes 515Es and that is what I will be getting 5510 with sec plus licenses. Sec plus license activates other features base license does not, see first link in my 1st post for details.
As for the PIX 506, if it is a 506E it can support up to 2 VLANs with 6.3.5 code, and that is the max code it can support on the 6.x train; almost the same principle with trunking.
For the PIX 506E it would be something like:
interface ethernet0 auto ( Outside interface physical )
interface ethernet1 auto (inside interface physical )
interface ethernet1 vlan2 physical
interface ethernet1 vlan3 logical ( Invokes 802.1q trunking )
nameif ethernet0 outside security0
nameif ethernet1 inside security100 (sec level for inside )
nameif vlan3 inside2 security99 (sec level for inside2)
ip address inside 2.2.2.2 255.255.255.0
ip address inside2 3.3.3.3 255.255.255.0
On the switch side, if you have a Cisco switch, it would be:
Switch:
vlan database
vtp transparent
vtp domain test_lab
vtp password cisco
vlan 2 name inside_2.2.2.0/24
vlan 3 name inside2_3.3.3.0/24
Interface fastethernet0/48
Description trunk_Connection_pix ethernet1
speed auto
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2,3
Something along those lines. Let me find some links for creating L2 VLANs on switches, but I'm not sure if the same principle applies on HP switches; they may have different command syntax. I never worked with HPs.
HTH
-Jorge
Pls rate any helpful post if it helped
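The ASA-side counterpart of the PIX 506E example above, as an added example that is not part of the original posts: on the ASA the 802.1q tag is set with the vlan command under a subinterface, which is where the original poster found it. The interface name Ethernet0/1 is an assumption; the VLAN IDs, interface names, security levels and addresses reuse the sample values from the post.

```cisco
! Added example, not from the thread. Ethernet0/1 is an assumed port;
! VLAN IDs, names and addresses are the sample values used in the post.
!
! Physical interface: enabled, but left without nameif so it does not
! pass untagged frames; only the tagged subinterfaces carry traffic.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Subinterface for VLAN 2. Creating it is what turns on 802.1q trunking.
interface Ethernet0/1.2
 vlan 2
 nameif inside
 security-level 100
 ip address 2.2.2.2 255.255.255.0
!
! Subinterface for VLAN 3, one security level lower than inside.
interface Ethernet0/1.3
 vlan 3
 nameif inside2
 security-level 99
 ip address 3.3.3.3 255.255.255.0
```

The switch port facing Ethernet0/1 is then trunked with only VLANs 2 and 3 allowed, as in the switch configuration in the post.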
06-18-2008 06:24 PM
John,
This link has a few documentation and configuration instructions for your HP switch models. I'm sure there are examples for configuring VLANs.
http://www.hp.com/rnd/support/manuals/3400cl.htm
Rgds
-Jorge