Can someone verify the premise behind subinterfaces/vlans on an ASA? I'm a little confused. On a router, a subinterface or secondary interface is a logical interface using a hardware interface. No switch required. But now as I understand subinterface, also called vlans, on an ASA a switch is required. It looks like the ASA interface is merely a trunk link and the switch itself provides port capacity for different vlans. Is my understanding correct?
OK, I have a 5510. So what this really allows me to do is break out the physical interface of a dmz port into multiple vlans on a switch rather than like in the past where a switch would only add port capacity to a single subnet or network.
The ASA5510 is somewhat different from the ASA5505, which the previous posters explained; their answers to your question are sort of geared towards the 5505, which has a built-in switch. But generally, 802.1q trunking is a standard that can be applied across any platform that supports it.
In the ASA5510 there is no built-in switch, so in order to create more routable L3 interfaces you will need to use a physical port and, yes, break it down or split it into several logical subinterfaces. In this case you will need a switch in order to create the L2 VLANs corresponding to the L3 subinterfaces in the firewall.
In short, your model asa5510 can support up to 50 VLANs with base license or 100 VLANs with Security Plus license per firewall, you may create any combination of subinterfaces with unique names DMZ1, DMZ2 etc. as well as unique security levels.
Creating the subinterfaces off a physical interface on the ASA5510 will automatically turn on 802.1q trunking. It will just be a task to configure the switch port connecting the physical port of the firewall with 802.1q encapsulation, as well as the L2 VLANs, and again assign the switch ports the right VLAN numbers.
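The setup described in the answer above, as an added example that is not part of the original thread: two DMZ subinterfaces on one ASA 5510 port and the matching 802.1q trunk on the switch. The port numbers, VLAN IDs, security levels and addresses are constructed, and the switch is assumed to be a Catalyst running IOS.

```cisco
! ---- ASA 5510 (Ethernet0/2, VLAN IDs and addresses are constructed) ----
interface Ethernet0/2
 ! Parent port carries tagged traffic only: with no nameif,
 ! untagged frames arriving on the trunk are not passed
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/2.10
 vlan 10
 nameif DMZ1
 security-level 50
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2.20
 vlan 20
 nameif DMZ2
 security-level 40
 ip address 192.168.20.1 255.255.255.0
!
! ---- Switch (Catalyst IOS assumed; port numbers are constructed) ----
vlan 10
 name DMZ1
vlan 20
 name DMZ2
!
interface GigabitEthernet0/1
 description Trunk to ASA Ethernet0/2
 ! The encapsulation line is only needed on models that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs that have a subinterface on the firewall
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description DMZ1 host
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description DMZ2 host
 switchport mode access
 switchport access vlan 20
```

With this layout, traffic between DMZ1 and DMZ2 has to be routed through the ASA, so it is subject to the security levels and any access lists on the two subinterfaces.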