07-31-2008 11:18 PM - edited 03-11-2019 06:24 AM
Hi,
What I am thinking is to create three VLANs on an L2 switch, like:
1) Vlan-100
192.168.1.0/24
Int 1
2) Vlan-100
192.168.2.0/24
Int 2
3) Vlan-300
192.168.3.0/24
Int 3
Now I want to use one of the interfaces, interface 4, as a trunk port which will be connected directly to the FW. Is it possible for all VLAN data to go through the trunk port to the FW and on to the Internet? If it is, then please show me an example with configuration, if possible. Thanks.
08-01-2008 01:14 AM
Yes, you will have to use subinterfaces on the firewall. Suppose you connect the trunk port on the L2 switch with e0/1 on the FW; then on the FW configure like this:
hostname(config)# interface ethernet0/1.1
hostname(config-subif)# vlan 100
hostname(config-subif)# nameif inside100
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.1.1 255.255.255.0
hostname(config)# interface ethernet0/1.2
hostname(config-subif)# vlan 200
hostname(config-subif)# nameif inside200
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.2.1 255.255.255.0
hostname(config)# interface ethernet0/1.3
hostname(config-subif)# vlan 300
hostname(config-subif)# nameif inside300
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.3.1 255.255.255.0
And then, to allow communication between the subnets of these VLANs, use the command:
hostname(config)# same-security-traffic permit inter-interface
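A check a reviewer could run over the configuration in the reply above, added here as an example and not part of the original thread: it parses the sub-interface stanzas and reports VLAN tags used twice and interfaces that share a security level and, with same-security-traffic permit inter-interface set, have no inbound ACL bound. The function names and the sample text are assumptions of this example.

```python
import re

# Constructed sample: the reply's sub-interface config with the CLI prompts stripped.
SAMPLE_CONFIG = """\
interface ethernet0/1.1
 vlan 100
 nameif inside100
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface ethernet0/1.2
 vlan 200
 nameif inside200
 security-level 100
 ip address 192.168.2.1 255.255.255.0
interface ethernet0/1.3
 vlan 300
 nameif inside300
 security-level 100
 ip address 192.168.3.1 255.255.255.0
same-security-traffic permit inter-interface
"""

def parse_subinterfaces(config):
    """Map each interface stanza to its vlan, nameif and security-level values."""
    subifs, cur = {}, None
    for line in filter(str.strip, config.splitlines()):   # skip blank lines
        w = line.split()
        if not line[0].isspace():                          # top-level command ends a stanza
            cur = subifs.setdefault(w[1], {}) if w[0] == "interface" and len(w) > 1 else None
        elif cur is not None and len(w) > 1 and w[0] in ("vlan", "nameif", "security-level"):
            cur[w[0]] = w[1]
    return subifs

def audit(config):
    """Return findings: reused VLAN tags and same-level interfaces with no inbound ACL."""
    findings, vlan_owner, by_level = [], {}, {}
    for name, s in parse_subinterfaces(config).items():
        vlan = s.get("vlan")
        if vlan is not None and vlan_owner.setdefault(vlan, name) != name:
            findings.append(f"vlan {vlan} is tagged on both {vlan_owner[vlan]} and {name}")
        if "nameif" in s and "security-level" in s:
            by_level.setdefault(int(s["security-level"]), []).append(s["nameif"])
    # Only per-interface inbound ACLs (access-group ... in interface ...) are considered.
    filtered = set(re.findall(r"^access-group \S+ in interface (\S+)", config, re.M))
    if re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        for level, names in sorted(by_level.items()):
            open_ifs = [n for n in names if n not in filtered]
            if len(names) > 1 and open_ifs:
                findings.append(f"security-level {level}: no inbound ACL on {', '.join(open_ifs)}")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding naming inside100, inside200 and inside300; if the three VLANs are meant to stay isolated from each other, each needs its own inbound ACL or a distinct security level.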
08-01-2008 02:18 AM
If I need three VLANs configured on three separate ASA interfaces, then why would I need to make these VLANs on the switch? My question was whether it is possible for all the VLANs' traffic to go through switch int 4, which is connected to FW int/0, and from FW int/0 to the Internet. In this case, I want to configure only one interface on the FW. Thanks.
08-01-2008 04:03 AM
If you see my previous post, I mentioned subinterfaces, which are created on a physical interface e0.
And you are connecting only 1 cable from the switch (int 4 in your case) to the FW (int e0), for the three VLANs.
08-01-2008 04:18 AM
Thanks:)