Connectivity between ASA 5505 and cisco switch 3750

Unanswered Question
Aug 13th, 2010
User Badges:

Hi ,


I have network set-up with cisco ASA 5505 as a layer 3 connectivity for 3 Vlans which are created in cisco switch 3750 ( mentioned switch is configured as a layer 2 )  it is suppose to connect directly to ASA .


If I would have got connectivity to  router for layer 3 , it would have been simple to make subinterface and configure as a trunk but about ASA , I have no idea.


I would like to configure the trunk connection between ASA and cisco switch 3750 ( this switch is configured as a layer 2 functionality only ) .


It would be greatful to get response for mentioned query.


for further details , I have attached 3750 switch configuration. I need configuration on ASA side.



Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cowetacoit Fri, 08/13/2010 - 05:37
User Badges:

Check out these two Docs. One is for the ASDM and the other CLI for the ASA. Basically you create the vlans on the ASA then assign them to the interface. As for the switch the config looks fine. You will need to add a 802.1x trunk to your ASA with needed vlans.


http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/intrface.html#wp1082576


http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/intrface.html#wp1082576

Hitesh Vinzoda Fri, 08/13/2010 - 05:39
User Badges:
  • Silver, 250 points or more

Hi


You dont have to configure anything under the physical internface on ASA. See the configuration below for ASA


interface GigabitEthernet0/2.56
vlan 56
nameif corp
security-level 20
ip address 172.21.56.1 255.255.255.0


interface GigabitEthernet0/2.57
vlan 57
nameif sales

security-level 30
ip address 172.21.57.1 255.255.255.0


and so on.


you have configure the port on 3750 to be configured as dot1q trunk. thats it...!! Also when you are using 3750 switch as a layer 2, dont use default route, instead of that you can use ip default-gateway x.x.x.x command to accomplist the same.


HTH


Hitesh Vinzoda


Pls rate useful posts

Nagaraja Thanthry Fri, 08/13/2010 - 07:02
User Badges:
  • Cisco Employee,

Hello,


5505 is a firewall with switch module on it. So, you need to configure it

similar to a switch. Please try the following on the firewall:


interface vlan 1

nameif inside

security-level 100

ip address

Switchport trunk encapsulation dot1q

Switchport mode trunk

exit


Here is a guide on ASA5505 configuration:


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/i...

05.html


Hope this helps.


Regards,


NT

Actions

This Discussion