I have set up a new Cisco L3 switch and created three different VLANs.
1) VLAN 100 192.168.12.0/24 f0
2) VLAN 200 192.168.13.0/24 f1
3) VLAN 300 192.168.14.0/24 f2
The F3 switch port is directly connected to the ASA 5505 FW.
ASA Inside IP 192.168.10.2
Switch F3 IP 192.168.10.1
Now I want all VLAN traffic bound for the internet to go through the ASA. Please suggest what type of config I will have to do.
Yes, ACLs will be required in the L3 switch if you want to control traffic between the subnets.
No, because internal routing is enabled on the switch, they will talk to each other fine.
As a reference, I will try to explain a bit more so that you know the options in future.
You cannot delete the management default VLAN 1 off the switch, or any switch, as it is a default embedded VLAN in the switch code, but you can choose any other VLAN for management and leave VLAN 1 alone with no IP address, and be able to telnet to the switch from any other SVI interface; it is simply for management. The VLAN 1 association on the switch is local to the switch and not the firewall.
If you had created the VLANs on the ASA, for example:
 ip address 192.168.10.1 255.255.255.0
 ip address 192.168.11.1 255.255.255.0
 same-security-traffic permit inter-interface
then on the switch the trunk must be configured to associate the ASA VLAN# with the switch L2 VLAN#, as below.
switch: Layer 2 VLANs
vlan 100
 name inside1
vlan 101
 name inside2
!
 description Connection to ASA_Inside_Ethernet1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,101 etc.
In the original reply's example the fe0/48 defaults to VLAN 1 anyway, and the switchport access vlan 1 command is not required. I'm just picky about it and place it when there are many VLANs configured and I want to know who is who on the switch ports. You are correct in saying master port, although I have not heard that term in switches, but I think by master port you meant the primary physical
connection to the firewall inside interface.
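The replies above describe the trunked design; the original question, however, describes a routed link (switch F3 192.168.10.1, ASA inside 192.168.10.2). The following is an added example, not a configuration posted by anyone in this thread, showing that routed design end to end: SVIs on the switch, a default route towards the ASA, return routes and PAT on the ASA, and the per-VLAN ACLs the first reply mentions, since traffic between VLAN 100/200/300 is routed on the switch and never reaches the firewall. It assumes a Catalyst IOS switch with `ip routing` support, that "F3" is interface FastEthernet0/3, ASA software 8.3 or later (object NAT syntax), the ASA 5505 default of Vlan1 as the inside interface, and a placeholder ISP gateway of 203.0.113.1; all of those are assumptions, not facts from the page.

```cisco
!=========== L3 switch (assumed Catalyst IOS; interface names are assumptions)
ip routing
!
vlan 100
 name users-100
vlan 200
 name users-200
vlan 300
 name users-300
!
interface Vlan100
 ip address 192.168.12.1 255.255.255.0
 ip access-group VLAN100-IN in
interface Vlan200
 ip address 192.168.13.1 255.255.255.0
 ip access-group VLAN200-IN in
interface Vlan300
 ip address 192.168.14.1 255.255.255.0
 ip access-group VLAN300-IN in
!
! Routed (no switchport) uplink to the ASA inside interface; "F3" is assumed to be Fa0/3
interface FastEthernet0/3
 description Link to ASA5505 inside 192.168.10.2
 no switchport
 ip address 192.168.10.1 255.255.255.0
!
! Anything not directly connected (i.e. the internet) is sent to the ASA
ip route 0.0.0.0 0.0.0.0 192.168.10.2
!
! Inter-VLAN traffic is switched/routed locally and bypasses the firewall,
! so these SVI ACLs are the only place it can be filtered. Each ACL also
! drops packets whose source is not the VLAN's own subnet (anti-spoofing)
! because only that source is permitted before the implicit deny.
ip access-list extended VLAN100-IN
 remark VLAN 100 may reach the internet via the ASA but not the other VLANs or the transit link
 deny   ip 192.168.12.0 0.0.0.255 192.168.13.0 0.0.0.255
 deny   ip 192.168.12.0 0.0.0.255 192.168.14.0 0.0.0.255
 deny   ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.12.0 0.0.0.255 any
ip access-list extended VLAN200-IN
 deny   ip 192.168.13.0 0.0.0.255 192.168.12.0 0.0.0.255
 deny   ip 192.168.13.0 0.0.0.255 192.168.14.0 0.0.0.255
 deny   ip 192.168.13.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.13.0 0.0.0.255 any
ip access-list extended VLAN300-IN
 deny   ip 192.168.14.0 0.0.0.255 192.168.12.0 0.0.0.255
 deny   ip 192.168.14.0 0.0.0.255 192.168.13.0 0.0.0.255
 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.14.0 0.0.0.255 any
!
!=========== ASA 5505 (assumes 8.3+ NAT syntax; Vlan1 = inside is the 5505 default)
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.2 255.255.255.0
!
! Placeholder ISP next hop (assumption); replace with the real outside gateway
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Without these the ASA has no path back to the VLAN subnets behind the switch
route inside 192.168.12.0 255.255.255.0 192.168.10.1
route inside 192.168.13.0 255.255.255.0 192.168.10.1
route inside 192.168.14.0 255.255.255.0 192.168.10.1
!
! PAT each VLAN subnet behind the outside interface address
object network VLAN100-NET
 subnet 192.168.12.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network VLAN200-NET
 subnet 192.168.13.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network VLAN300-NET
 subnet 192.168.14.0 255.255.255.0
 nat (inside,outside) dynamic interface
```

Two checks worth running after applying it: `show ip route` on the switch should show the 0.0.0.0/0 route via 192.168.10.2, and `show route` on the ASA should list the three 192.168.1x.0/24 networks via 192.168.10.1; if either side is missing, internet traffic will leave the switch but replies will be dropped. If the ASA is running pre-8.3 code, the three object NAT stanzas become a single `nat (inside) 1 192.168.12.0 255.255.252.0` plus `global (outside) 1 interface`. The deny lines towards 192.168.10.0/24 keep end-user VLANs away from the management addresses of the switch and ASA; drop them for a VLAN that legitimately administers those devices.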