Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
4
Replies

Vlan 5505

Go to solution
nikuhappy2010
Level 1
Level 1

‎07-31-2008 11:18 PM - edited ‎03-11-2019 06:24 AM

Hi,

What I am thinking to create three three V-lans on L2 switch like :-

1) Vlan-100

192.168.1.0/24

Int 1

2) Vlan-100

192.168.2.0/24

Int 2

3) Vlan-300

192.168.3.0/24

Int 3

Now one of the interface 4, want to use as a Trunk port which will be connect with directly FW. Now is it possible that all Vlan data go through the trunk port to FW to Internet. If it is then please show me a one example with configuration, if possible. Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dhananjoy chowdhury
Level 5
Level 5
In response to nikuhappy2010

‎08-01-2008 04:03 AM

If you see my previous post I have mentioned about Subinterfaces, which are created on a physical interface e0.

Alnd you are connecting only 1 cable from the switch to the FW (int 4 in your case) to the FW (int e0), for the three vlans.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
dhananjoy chowdhury
Level 5
Level 5

‎08-01-2008 01:14 AM

yes, you will have to use subinterfaces on the firewall. Suppose you connect the trunk port on the L2 switch with e0/1 on the FW, then on the FW configure like this

hostname(config)# interface ethernet0/1.1

hostname(config-subif)# vlan 100

hostname(config-subif)# nameif inside100

hostname(config-subif)# security-level 100

hostname(config-subif)# ip address 192.168.1.1 255.255.255.0

hostname(config)# interface ethernet0/1.2

hostname(config-subif)# vlan 200

hostname(config-subif)# nameif inside200

hostname(config-subif)# security-level 100

hostname(config-subif)# ip address 192.168.2.1 255.255.255.0

hostname(config)# interface ethernet0/1.3

hostname(config-subif)# vlan 300

hostname(config-subif)# nameif inside300

hostname(config-subif)# security-level 100

hostname(config-subif)# ip address 192.168.3.1 255.255.255.0

and then for allowing communication between the subnets of these vlans use the command

hostname(config)# same-security-traffic permit inter-interface

0 Helpful

Go to solution
nikuhappy2010
Level 1
Level 1
In response to dhananjoy chowdhury

‎08-01-2008 02:18 AM

If I would need three V-lans configured on ASA three seperate Interfaces then why wud i need to make these v-lans on Switch. My question was that is it possible that the all V-Lans traffic go through switch int 4 which is connected with FW int/0 and FW int/0 to internet. In this case, i want to configure only one interface on FW. Thanks.

0 Helpful

Go to solution
dhananjoy chowdhury
Level 5
Level 5
In response to nikuhappy2010

‎08-01-2008 04:03 AM

If you see my previous post I have mentioned about Subinterfaces, which are created on a physical interface e0.

Alnd you are connecting only 1 cable from the switch to the FW (int 4 in your case) to the FW (int e0), for the three vlans.

0 Helpful

Go to solution
nikuhappy2010
Level 1
Level 1
In response to dhananjoy chowdhury

‎08-01-2008 04:18 AM

Thanks:)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card