Cisco Support Community
Community Member

Vlan 5505

Hi,

What I am thinking is to create three V-lans on an L2 switch, like:

1) Vlan-100

192.168.1.0/24

Int 1

2) Vlan-100

192.168.2.0/24

Int 2

3) Vlan-300

192.168.3.0/24

Int 3

Now I want to use one of the interfaces, interface 4, as a trunk port which will be connected directly to the FW. Is it possible for all the Vlan data to go through the trunk port to the FW and on to the Internet? If it is, then please show me one example with configuration, if possible. Thanks.

4 REPLIES

Re: Vlan 5505

Yes, you will have to use subinterfaces on the firewall. Suppose you connect the trunk port on the L2 switch with e0/1 on the FW, then on the FW configure like this:

hostname(config)# interface ethernet0/1.1
hostname(config-subif)# vlan 100
hostname(config-subif)# nameif inside100
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.1.1 255.255.255.0

hostname(config)# interface ethernet0/1.2
hostname(config-subif)# vlan 200
hostname(config-subif)# nameif inside200
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.2.1 255.255.255.0

hostname(config)# interface ethernet0/1.3
hostname(config-subif)# vlan 300
hostname(config-subif)# nameif inside300
hostname(config-subif)# security-level 100
hostname(config-subif)# ip address 192.168.3.1 255.255.255.0

and then for allowing communication between the subnets of these vlans use the command

hostname(config)# same-security-traffic permit inter-interface
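
The switch side of the trunk that the reply above assumes, as an added example that is not part of the original thread. It assumes a Catalyst-style Cisco IOS switch; the port names (FastEthernet0/1 to 0/4) and the unused native VLAN 999 are assumptions, and the VLAN IDs follow the reply (100, 200, 300).

```ios
! Added example, not from the original thread.
! Assumed: Catalyst-style IOS switch, ports Fa0/1-Fa0/4, VLAN 999 as an unused native VLAN.
vlan 100
 name inside100
vlan 200
 name inside200
vlan 300
 name inside300
vlan 999
 name unused-native
!
! Access ports: one VLAN per port, hosts use the matching firewall
! subinterface address (192.168.x.1) as their default gateway.
interface FastEthernet0/1
 description hosts in 192.168.1.0/24
 switchport mode access
 switchport access vlan 100
!
interface FastEthernet0/2
 description hosts in 192.168.2.0/24
 switchport mode access
 switchport access vlan 200
!
interface FastEthernet0/3
 description hosts in 192.168.3.0/24
 switchport mode access
 switchport access vlan 300
!
! Trunk to the firewall: single cable carrying all three VLANs as 802.1Q tags.
interface FastEthernet0/4
 description trunk to firewall ethernet0/1
 ! The encapsulation line is only needed (and only accepted) on switches that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs the firewall has subinterfaces for.
 switchport trunk allowed vlan 100,200,300
 ! Keep untagged traffic off the user VLANs.
 switchport trunk native vlan 999
 ! Do not negotiate trunking dynamically (DTP off).
 switchport nonegotiate
```

With all three subinterfaces at security-level 100 and `same-security-traffic permit inter-interface` enabled, the three subnets can reach each other through the firewall without restriction unless access lists are applied to those interfaces.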

Community Member

Re: Vlan 5505

If I would need three V-lans configured on the ASA on three separate interfaces, then why would I need to make these V-lans on the switch? My question was: is it possible for all the V-lans' traffic to go through switch int 4, which is connected with FW int/0, and from FW int/0 to the internet? In this case, I want to configure only one interface on the FW. Thanks.

Re: Vlan 5505

If you see my previous post I have mentioned about Subinterfaces, which are created on a physical interface e0.

And you are connecting only 1 cable from the switch (int 4 in your case) to the FW (int e0), for the three vlans.

Community Member

Re: Vlan 5505

Thanks:)
