Isolating switch ports for a separate network, VLAN ?

Unanswered Question
Feb 3rd, 2012
Dear all,


I have to configure failover Active/Standby on my ASA 5510.

I am wondering how I could do this for the outside interface. I mean, actually the ASA1--outside interface is linked directly to our Internet router.

So now, if I have to add ASA2 connecting to that router, I will need a switch between them.

I already have a switch for DMZ & LAN.

The thing is that I will have to allow 3 switch ports to communicate with each other:

- 1 for ASA1--outside

- 1 for ASA2--outside

- 1 for Internet router

How could I isolate these 3 ports to make them communicate alone? Should I use a VLAN for that?

And if I use a VLAN, will this require any configuration change on my firewalls' (ASA1 & ASA2) outside interfaces?

I am a bit lost with this. If I am correct, I will not have to do any "vlan tagging" on the firewall itself?


Thank you for your answer.


Regards,


David

glen.grant Fri, 02/03/2012 - 10:12

Just create an L2 VLAN on a switch, assign 3 ports into that VLAN, and plug them in. No L3 config is needed on the switch. This will be a common VLAN for all 3 connections, so no changes should be needed and they all should be able to talk to each other.
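
The setup described in the reply above, sketched as Cisco IOS switch configuration. This is an added example, not part of the original thread; the VLAN ID 900, its name and the ports Gi0/22-24 are assumptions to adapt to the actual switch.

```cisco
! Added example with constructed values (VLAN 900, ports Gi0/22-24).
! Entered from global configuration mode on the existing DMZ/LAN switch.
!
! 1. Create a dedicated layer-2 VLAN for the outside segment.
vlan 900
 name OUTSIDE-TRANSIT
!
! 2. Put the three ports into that VLAN as plain access ports.
!    "switchport nonegotiate" turns off DTP so none of these ports
!    can negotiate itself into a trunk that carries the DMZ or LAN VLANs.
interface GigabitEthernet0/22
 description ASA1 outside
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 no shutdown
!
interface GigabitEthernet0/23
 description ASA2 outside
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 no shutdown
!
interface GigabitEthernet0/24
 description Internet router
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 no shutdown
!
! 3. Do not create "interface Vlan900": without an SVI the switch has
!    no IP address in this segment and only forwards frames between
!    the three ports at layer 2.
!
! 4. Checks to run from privileged EXEC mode afterwards:
!      show vlan id 900
!      show interfaces GigabitEthernet0/22 switchport
!    VLAN 900 should list exactly these three ports, and each port
!    should report "Operational Mode: static access".
```

Access ports send and receive untagged frames, so the ASA outside interfaces and the router keep their existing untagged configuration.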
