Vlan 5505

Answered Question
Jul 31st, 2008
Hi,


What I am thinking is to create three V-lans on the L2 switch, like:

1) Vlan-100
192.168.1.0/24
Int 1

2) Vlan-100
192.168.2.0/24
Int 2

3) Vlan-300
192.168.3.0/24
Int 3

Now I want to use one of the interfaces, interface 4, as a trunk port which will be connected directly to the FW. Is it possible for all Vlan data to go through the trunk port to the FW and on to the Internet? If it is, then please show me one example with configuration, if possible. Thanks.

dhananjoy chowdhury Fri, 08/01/2008 - 01:14

Yes, you will have to use subinterfaces on the firewall. Suppose you connect the trunk port on the L2 switch with e0/1 on the FW; then on the FW, configure it like this:


hostname(config)# interface ethernet0/1.1
hostname(config-subif)# vlan 100
hostname(config-subif)# nameif inside100
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.1.1 255.255.255.0

hostname(config)# interface ethernet0/1.2
hostname(config-subif)# vlan 200
hostname(config-subif)# nameif inside200
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.2.1 255.255.255.0

hostname(config)# interface ethernet0/1.3
hostname(config-subif)# vlan 300
hostname(config-subif)# nameif inside300
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.3.1 255.255.255.0


And then, to allow communication between the subnets of these vlans, use the command:


hostname(config)# same-security-traffic permit inter-interface
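
An added example, not part of the original post and not Cisco tooling: a small Python audit of the configuration above. It lists which named interfaces share a security level and can therefore reach each other by default once `same-security-traffic permit inter-interface` is set. The sample config is constructed from the answer's commands with the prompts removed, and the function names are hypothetical.

```python
from itertools import combinations
# Constructed sample: the commands from the answer above, prompts removed.
SAMPLE_CONFIG = """\
interface ethernet0/1.1
 vlan 100
 nameif inside100
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface ethernet0/1.2
 vlan 200
 nameif inside200
 security-level 100
 ip address 192.168.2.1 255.255.255.0
interface ethernet0/1.3
 vlan 300
 nameif inside300
 security-level 100
 ip address 192.168.3.1 255.255.255.0
same-security-traffic permit inter-interface
"""

def parse_interfaces(config):
    """Return one dict per named interface: port, nameif, vlan, security-level."""
    blocks, current = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface" and len(words) > 1:
            current = {"port": words[1]}
            blocks.append(current)
        elif not raw[0].isspace():
            current = None  # an unindented line closes the interface block
        elif current and len(words) > 1 and words[0] in ("vlan", "nameif", "security-level"):
            current[words[0]] = words[1]
    return [b for b in blocks if "nameif" in b]

def level(block):
    """Configured level, else the ASA default: 100 for 'inside', 0 otherwise."""
    default = 100 if block["nameif"] == "inside" else 0
    return int(block.get("security-level", default))

def open_pairs(config):
    """Interface pairs that pass traffic to each other by default."""
    lines = [ln.split() for ln in config.splitlines()]
    if ["same-security-traffic", "permit", "inter-interface"] not in lines:
        return []  # same-level interfaces stay isolated without the command
    return sorted((a["nameif"], b["nameif"])
                  for a, b in combinations(parse_interfaces(config), 2)
                  if level(a) == level(b))
```

Where the three VLANs are meant to stay segmented from each other, leaving the global command out keeps same-level interfaces isolated, which is the ASA default.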

nikuhappy2010 Fri, 08/01/2008 - 02:18
If I would need three V-lans configured on three separate interfaces on the ASA, then why would I need to make these V-lans on the switch? My question was: is it possible for all V-lan traffic to go through switch int 4, which is connected to FW int/0, and from FW int/0 to the internet? In this case, I want to configure only one interface on the FW. Thanks.

Correct Answer
dhananjoy chowdhury Fri, 08/01/2008 - 04:03

If you see my previous post, I mentioned subinterfaces, which are created on a physical interface e0.

And you are connecting only 1 cable from the switch (int 4 in your case) to the FW (int e0), for the three vlans.
