Below is Ethernet0/0 and its subinterfaces. The physical Ethernet0/0 is connected to a Gig port on a 2950T that is set to trunk.
I'm not using the native VLAN, but is the ASA dropping the native VLAN data from the switch since the physical interface wasn't issued a nameif? And can I change the 2950T from trunk to allowing select VLANs (switchport access 50,100, etc.)?
My reason for wanting to do this is because I have a Barracuda WebFilter that is designed to be inline. In my case between the ASA and switch. The webfilter can handle vlan traffic but not trunked.
Thanks for any input.
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.50
 vlan 50
 nameif Engineering
 security-level 80
 ip address 192.168.220.1 255.255.255.0
!
interface Ethernet0/0.100
 vlan 100
 nameif OfficeNet
 security-level 90
 ip address 192.168.92.1 255.255.255.0
!
interface Ethernet0/0.200
 vlan 200
 nameif Automation
 security-level 100
 ip address 192.168.200.5 255.255.255.0
!
interface Ethernet0/0.201
 vlan 201
 nameif Enco
 security-level 100
 ip address 10.107.61.1 255.255.255.0
!
interface Ethernet0/0.202
 vlan 202
 nameif Traffic
 security-level 95
 ip address 192.168.202.5 255.255.255.0
The Barracuda is supposed to be a network bridge. So Ethernet0/0 would be connected to the Barracuda WAN port, and then the LAN port of the Barracuda would be connected to the switch. Currently Ethernet0/0 is connected directly to the switch.
So can I change the port on the switch so it's not a trunk anymore, and set switchport access vlan 50,100 etc. so that the Barracuda can pass the VLAN-tagged packets?
No, if you do that, no tagged packets are going to get to the firewall... Remember that it has subinterfaces, which means that tagged packets are expected... If the Barracuda cannot handle tagged packets... we are going to have a problem.
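The point made in the reply above, worked through as an added example (not code from the thread or from Cisco): a small Python model that parses the posted subinterface config and shows which ASA interface receives each VLAN when the switch port is a trunk versus an access port. The function names and the simplified 802.1Q model are assumptions; the native VLAN is assumed to be 1, and an access port carries a single VLAN untagged.

```python
import re

# Constructed from the config posted in the thread, one stanza per segment;
# security-level and ip address lines are left out because the model ignores them.
ASA_CONFIG = (
    "interface Ethernet0/0 no nameif ! "
    "interface Ethernet0/0.50 vlan 50 nameif Engineering ! "
    "interface Ethernet0/0.100 vlan 100 nameif OfficeNet ! "
    "interface Ethernet0/0.200 vlan 200 nameif Automation ! "
    "interface Ethernet0/0.201 vlan 201 nameif Enco ! "
    "interface Ethernet0/0.202 vlan 202 nameif Traffic"
)

def parse_interfaces(config):
    """Return ({vlan_id: nameif} for subinterfaces, nameif of the physical port or None)."""
    by_vlan, physical = {}, None
    for stanza in config.split("!"):
        if not re.search(r"interface \S+", stanza):
            continue
        vlan = re.search(r"\bvlan (\d+)", stanza)
        name = re.search(r"(?<!no )\bnameif (\S+)", stanza)  # skip "no nameif"
        if vlan and name:
            by_vlan[int(vlan.group(1))] = name.group(1)
        elif name:
            physical = name.group(1)
    return by_vlan, physical

def egress_tag(vlan, mode, access_vlan=None, allowed=(), native=1):
    """Tag on a frame from `vlan` leaving the switch port: int, None (untagged) or 'blocked'."""
    if mode == "access":                      # an access port carries one VLAN, untagged
        return None if vlan == access_vlan else "blocked"
    if vlan not in allowed:
        return "blocked"
    return None if vlan == native else vlan   # trunk: only the native VLAN is untagged

def delivered(config, mode, **port):
    """Map each configured VLAN to the ASA nameif that receives it, or None if it never arrives."""
    by_vlan, physical = parse_interfaces(config)
    result = {}
    for vlan in by_vlan:
        tag = egress_tag(vlan, mode, **port)
        if tag == "blocked":
            result[vlan] = None
        elif tag is None:
            result[vlan] = physical           # untagged lands on Ethernet0/0; no nameif, nothing passes
        else:
            result[vlan] = by_vlan.get(tag)
    return result

if __name__ == "__main__":
    print("trunk :", delivered(ASA_CONFIG, "trunk", allowed={50, 100, 200, 201, 202}))
    print("access:", delivered(ASA_CONFIG, "access", access_vlan=50))
```
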