Connectivity between ASA 5505 and cisco switch 3750

Unanswered Question
Aug 13th, 2010

Hi,

I have a network set up with a Cisco ASA 5505 providing layer 3 connectivity for 3 VLANs, which are created on a Cisco 3750 switch (the switch is configured as layer 2). It is supposed to connect directly to the ASA.

If I had connectivity to a router for layer 3, it would have been simple to make subinterfaces and configure a trunk, but for the ASA I have no idea.

I would like to configure the trunk connection between the ASA and the Cisco 3750 switch (this switch is configured for layer 2 functionality only).

I would be grateful for a response to this query.

For further details, I have attached the 3750 switch configuration. I need the configuration on the ASA side.

Thanks in advance.

cowetacoit Fri, 08/13/2010 - 05:37

Check out these two docs. One is for ASDM and the other is the CLI guide for the ASA. Basically, you create the VLANs on the ASA and then assign them to the interface. As for the switch, the config looks fine. You will need to add an 802.1x trunk to your ASA with the needed VLANs.

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/intrface.html#wp1082576

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/intrface.html#wp1082576

Hitesh Vinzoda Fri, 08/13/2010 - 05:39

Hi

You don't have to configure anything under the physical interface on the ASA. See the configuration below for the ASA:

interface GigabitEthernet0/2.56
vlan 56
nameif corp
security-level 20
ip address 172.21.56.1 255.255.255.0

interface GigabitEthernet0/2.57
vlan 57
nameif sales
security-level 30
ip address 172.21.57.1 255.255.255.0

and so on.

You have to configure the port on the 3750 as a dot1q trunk. That's it! Also, when you are using the 3750 switch as layer 2, don't use a default route; instead you can use the ip default-gateway x.x.x.x command to accomplish the same.

HTH

Hitesh Vinzoda

Pls rate useful posts

Nagaraja Thanthry Fri, 08/13/2010 - 07:02

Hello,

5505 is a firewall with switch module on it. So, you need to configure it similar to a switch. Please try the following on the firewall:

interface vlan 1
nameif inside
security-level 100
ip address
Switchport trunk encapsulation dot1q
Switchport mode trunk
exit

Here is a guide on ASA5505 configuration:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/i...

05.html

Hope this helps.

Regards,

NT
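
An added example, not part of any post above: the trunk discussed in this thread written out for both ends, using the ASA 5505's built-in switch ports as the last reply describes. The VLAN IDs, names, security levels and addresses are taken from the earlier reply; the port numbers Ethernet0/1 and GigabitEthernet1/0/1 are assumptions, and the third VLAN is left out because its ID does not appear in the thread.

```text
! ---- ASA 5505 side ----
! On the 5505 the layer 3 settings live on VLAN interfaces and the
! trunk is set on a physical switch port (trunking needs the
! Security Plus license).
interface Vlan56
 nameif corp
 security-level 20
 ip address 172.21.56.1 255.255.255.0
!
interface Vlan57
 nameif sales
 security-level 30
 ip address 172.21.57.1 255.255.255.0
!
! Assumed uplink port toward the 3750.
interface Ethernet0/1
 ! Carry only the VLANs the firewall routes for; anything not
 ! listed here is dropped at the port.
 switchport trunk allowed vlan 56,57
 switchport mode trunk
 no shutdown
!
! Verify on the ASA:
!   show switch vlan
!   show interface ip brief

! ---- Catalyst 3750 side ----
! Assumed port facing the ASA.
interface GigabitEthernet1/0/1
 description Uplink to ASA 5505
 switchport trunk encapsulation dot1q
 ! Keep the allowed list identical to the ASA side.
 switchport trunk allowed vlan 56,57
 switchport mode trunk
 ! Static trunk, so turn off DTP negotiation on this port.
 switchport nonegotiate
!
! Verify on the switch:
!   show interfaces trunk
```

With these security levels, hosts in sales (30) can open connections to corp (20) by default, while traffic from corp to sales needs an access list on the ASA.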
