cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
634
Views
0
Helpful
6
Replies

How to create a 2nd vlan on a private switch behind a pix asa5510

w951duu
Level 1
Level 1

I've got a situation where a client has an ASA5510 Pix with a switch behind the internal interface.  The switch has only vlan 1, but now wants to create a 2nd vlan on the switch for a new server.

How would I accomplish this?  I can't trunk on the interface to the PIX, so how would I get them access to the new vlan.

3 Accepted Solutions

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Greg,

You can create a sub-interface on the ASA for each vlan

interface Ethernet0/1.1
vlan 8
nameif int
security-level 100
ip address 172.16.8.1 255.255.255.0
!
interface Ethernet0/1.2
  vlan 9
nameif int2
security-level 100
ip address 172.16.9.1 255.255.255.0

HTH

Reza

View solution in original post

w951duu wrote:

I'll have to remove the ip address on the current interface then create a sub for it as well, no?  The client is concerned about down time, but I'm assuming there will be some while I turn on trunking on the switch as well.

Thanks for your help.

Gregory

Yes you can't do this without some downtime for both the ASA and the switch.

Jon

View solution in original post

Yes, you would need short outage window to do it

HTH

Reza

View solution in original post

6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Greg,

You can create a sub-interface on the ASA for each vlan

interface Ethernet0/1.1
vlan 8
nameif int
security-level 100
ip address 172.16.8.1 255.255.255.0
!
interface Ethernet0/1.2
  vlan 9
nameif int2
security-level 100
ip address 172.16.9.1 255.255.255.0

HTH

Reza

w951duu
Level 1
Level 1

I'll have to remove the ip address on the current interface then create a sub for it as well, no?  The client is concerned about down time, but I'm assuming there will be some while I turn on trunking on the switch as well.

Thanks for your help.

w951duu wrote:

I'll have to remove the ip address on the current interface then create a sub for it as well, no?  The client is concerned about down time, but I'm assuming there will be some while I turn on trunking on the switch as well.

Thanks for your help.

Gregory

Yes you can't do this without some downtime for both the ASA and the switch.

Jon

Thanks Jon

Yes, you would need short outage window to do it

HTH

Reza

Thank you Reza

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco