Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA with 802.1Q

Hi all

I want to know if it's possible (see attachment for detail) to manage multiple subnet within a Layer 3 switch (3750) through a ASA5520 with 802.1Q tagging.

Refering to jpg file; the SQL and ACS subnet are only define in the layer 3 switch The DMZ port on the ASA are not in the SQL or ACS subnet.

It is possible ?

Thank you very much for your help.

5 REPLIES
Gold

Re: ASA with 802.1Q

you can let the ASA do your intervlan routing (as well as security between vlans), but you might be better off using the routing capabilities of the 3750 if you don't need much security between vlans.

the ASA can do 802.1q trunking though using subinterfaces with the 'vlan' command.

New Member

Re: ASA with 802.1Q

Do I need a particular Software version on my ASA ?

Gold

Re: ASA with 802.1Q

New Member

Re: ASA with 802.1Q

Do I need to put subinterface on my inside interface too or just on my DMZ port ?

Does the ASA subinterfaces are trunking 802.1q by defaut ?

Thank you very much

Gold

Re: ASA with 802.1Q

the ASA's only do dot1q so there's no way to specify encapsulation type.

there are two steps to creating a dot1q trunk...

1. create the subinterface

2. specify the vlan number on subinterface.

- then assign normal interface commands (nameif, security-level, address, description...acls)

eg.

int eth0/2.100

vlan 100

nameif dmz1

security-level 50

ip address 10.1.1.1 255.255.255.0

specify trunking on the switch as you normally would, just make sure you use dot1q and that the vlans you use on the ASA exist on your switch(es)

307
Views
4
Helpful
5
Replies