ASA 5505 Trunk ports

Unanswered Question
Jun 19th, 2012
I need to configure my Cisco ASA firewall using trunk ports to connect some switches (Cisco and HP).

Each port connected to the switches will use the same security level but with a different IP. Example:

interface Vlan4
 nameif inside4
 security-level 100
 ip address

interface Vlan5
 nameif inside5
 security-level 100
 ip address

interface Vlan6
 nameif inside6
 security-level 100
 ip address

interface Vlan7
 nameif inside7
 security-level 100
 ip address

Each port of the firewall will be configured like this:

interface Ethernet0/2
 switchport trunk allowed vlan 4 5 6 7

Do I need to allow the native VLAN on the trunk ports, or a special tag? I also need to add a new VLAN (VLAN 1 for some servers).

I would like to know if I need to add some kind of routing for this in the firewall. I know that, as the firewall will be the layer 3 equipment, it will route between the VLANs.

Also, should my configuration on the switches be only a trunk port? Do I need to specify a tag for these VLANs?

On each switch I will also configure the VLAN with an IP (VLAN 4, 5, 6, 7 and VLAN 1).


Overall Rating: 4 (1 ratings)
Ramraj Sivagnan... Mon, 07/16/2012 - 00:59

Hi Bro

Please do add these commands in your Firewall, and you should be good.


same-security-traffic permit intra-interface

interface Ethernet0/2
 description ## Link to HP Access Switch (Manageable Switch) ##
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4,5,6,7


Please do ensure you've similar configuration in your HP Access Switch, as well. Yes, the port has to be dot1q trunk.

For further details on this, please do refer to

P/S: If you think this comment is useful, please do rate it well :-)
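
An added example, not part of the original thread: a small Python audit of the configuration discussed above, checking that every VLAN interface is carried on a trunk and listing same-security-level interface pairs that stay isolated. It relies on the ASA behaviour that `same-security-traffic permit inter-interface` is what allows traffic between different interfaces at the same level, while `intra-interface` only permits traffic in and out of the same interface. The sample config and the function names are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample: VLAN interfaces from the question plus the trunk port
# from the answer (nameif and ip address lines left out for brevity).
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
interface Vlan4
 security-level 100
interface Vlan5
 security-level 100
interface Vlan6
 security-level 100
interface Vlan7
 security-level 100
interface Ethernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 4,5,6,7
"""

def expand_vlans(spec):
    """Expand '4,5,6,7', '4 5 6 7' or '4-7' into a set of VLAN ids."""
    ids = set()
    for part in re.split(r"[,\s]+", spec.strip()):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return (VLAN interfaces absent from every trunk, same-level VLAN
    pairs left isolated because inter-interface is not enabled)."""
    levels, trunked, current = {}, set(), None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface Vlan(\d+)$", s):
            current = int(m.group(1))
        elif s.startswith("interface "):
            current = None  # physical port: security-level does not apply
        elif (m := re.match(r"security-level (\d+)$", s)) and current is not None:
            levels[current] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan (.+)$", s):
            trunked |= expand_vlans(m.group(1))
    inter = "same-security-traffic permit inter-interface" in config
    missing = sorted(set(levels) - trunked)
    isolated = [] if inter else [
        (a, b) for a, b in combinations(sorted(levels), 2) if levels[a] == levels[b]]
    return missing, isolated
```

Calling `audit(SAMPLE_CONFIG)` returns no missing VLANs and six isolated pairs; adding an `interface Vlan1` block without extending the allowed list reports VLAN 1 as missing from the trunk.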

