
ASA 5505 - 2.5 VLAN limit

rwagner
Level 1

In 2008 & 2009 I deployed around 2 dozen ASA5505s to small organizations. I love the new ASAs so much that I even purchased one for my own home.

With that said, I still have a hard time understanding why Cisco decided 2.5 VLANs was the limit. In my experience it is barely enough and requires creative configuring to really meet the needs of even the smallest of environments. Even in my own home I have a hard time with the VLAN limitation.

VLAN 1 - LAN

VLAN 2 - WAN

Nearly every environment needs a 3rd VLAN, either for VOIP, WLAN, or DMZ.

I have 3 questions.

1) What needs to happen to get this changed so that ASA5505s have 3-6 VLANs as their new non-trunked max?

2) What does everyone else think about this limitation?

3) Is there an upgrade license available that I am not aware of for the 5505 that increases the VLAN max on the 5505?

6 Replies

scootertgm
Level 1

I believe you need the Security Plus license for it to open things up.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Scroll to the bottom to see the note on the VLANs.

Unless I am misreading the chart, the security bundle doesn't add non-trunked VLANs, only trunked VLANs.

When I was talking to a Cisco rep, I know the license allowed full communication between the three VLANs. I thought that may have been what you were asking.

Ryan,

You are reading it correctly, VLANs are still limited. It does limit you, but Cisco provisions the box slightly above a Linksys and makes it cost effective for SOHO environments. The 5510 is focused towards small enterprise/remote office type solutions. We never use and rarely sell the 5505 because of the limitations on it. We suggest to our clients to spend the extra cash and get a 'future proof' device.

Hope it helps.

That sounds like 1 vote for the product needing a little bit of a change in non-trunk VLAN allowance.

The cost difference and feature difference between the 5505 and 5510 is huge. Overall it's a difficult piece of equipment to deploy to even a SOHO. Even the smallest of organizations need 3 full non-trunked VLANs. Generally it is a better value and price point to purchase an ASA5505, moderately priced router, and moderately priced switch. I just wish that Cisco would allow SOHOs to deploy with a firewall and switch, and that is only possible from a 5510 or higher.

We always give the customer the option, but we push using a router more often than the ASA. A router has so many more features even though the performance of the firewall on a router is less than an ASA. There are some features that require an ASA though. I will never (again) configure SSLVPN on a router. Smooth as silk on an ASA and nothing but trouble on a router!
