I currently have an ASA5505 with the base license (no trunk ports allowed). The ASA is currently functioning as my router, DHCP server, and VPN device to work. I would like to add a Cisco wireless AP that will serve up two SSID's (a private SSID and a "guest" SSID). I want the private SSID to be on the same vlan as my other devices (computers, servers, printers, and have access to the split tunnel VPN). I want to limit the guest SSID to simply have access to the Internet. Below would be the network configuration:
Cisco ASA 5505
(192.168.1.1) - VLAN 1
(192.168.1.2) - VLAN 1 - Management
(192.168.10.1) -VLAN 10 - Private Network
(192.168.20.1) -VLAN 20 - Guest Wireless Network
The Cisco AP will have the SSID's tied to VLAN 10 and 20. The switch port will have both VLAN 10 untagged and VLAN 20 tagged.
I believe I need the Security Plus license to enable trunking on the ASA so that I can pass VLAN 10 and 20 to the ASA and then use ACL to block VLAN 20 to the private network and the VPN tunnel.
Is there a way I can use the switch's SVI to eliminate the need for the Security Plus license on the ASA? I know the new Cisco 2960S switches have the capability to do Layer3 static routing. Thanks.
as far as i know 2960S switches dont support L3 at at all, just L2.
the easiest way would be to enable trunking on the ASA create the vlans´s on all devices (switch, ap and asa), connect all of them with a trunk connection and let the ASA do the routing and also create the ACL on the ASA to regulate the inter-vlan routing and the internet access.
if you had an L3 switch you could connect the AP with a trunk and let the switch do the routing, create a routed port for the connection to the ASA, so the way to the ASA would be routed and the other connection to the AP would be switched.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...