I inherited a C4510R+E switch with about 15 VLANs which can all talk to each other just fine. I have been tasked with isolating 1 of the VLANs from all of the others and putting a firewall (ASA5510) in between the other VLANs and the isolated one. I would like to keep the VLAN ID and everything else the same for a quick switch over. What would be the best way to accomplish this?
If you are just trying to filter the specific traffic that goes in and out of that vlan, just set up a L3 interface on the 4500, connect one of the asa interfaces to that L3 port and use a static route to send the destination IP space of that vlan to the ASA.
The other interface of the asa will go to the isolated vlan on the 4500. The IP address of this interface will be the existing svi on the 4500 so the client gateway won't have to change. Remove the svi for that vlan from the 4500.
If you do not have a L3 SVI for the isolated vlan on the 4500 then the isolated vlan will not be able to use the 4500 to route to other vlans, i.e. it will have to go via the ASA and you can control it from there.
Will it cause a security issue with having the other 14 vlans able to communicate? That's up to your policy and if you want the different vlans to talk to each other.
If you don't want them communicating or want the traffic controlled, either set up vlan ACLs or move the L3 interfaces to an ASA subinterface and control traffic between the vlans from there. Keep in mind there are limits on the number of subinterfaces a 5510 can have.
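The layout described in the replies above, sketched as configuration. This is an added example, not part of the original thread; VLAN 50, the interface numbers, every IP address and the sample access list are constructed placeholders, and no NAT between the interfaces is assumed.

```cisco
! ===== Catalyst 4500 =====
! Remove the SVI so the switch no longer routes for the isolated VLAN.
! VLAN 50 itself stays in the VLAN database as a pure L2 segment.
no interface Vlan50
!
! Routed (L3) port toward the ASA: the only path into the isolated VLAN
interface GigabitEthernet1/1
 description Transit link to ASA
 no switchport
 ip address 10.255.0.1 255.255.255.252
 no shutdown
!
! Access port that places the second ASA interface in the isolated VLAN
interface GigabitEthernet1/2
 description ASA interface in isolated VLAN 50
 switchport mode access
 switchport access vlan 50
 no shutdown
!
! Static route: reach the isolated subnet through the ASA
ip route 10.0.50.0 255.255.255.0 10.255.0.2

! ===== ASA 5510 =====
interface Ethernet0/0
 nameif transit
 security-level 0
 ip address 10.255.0.2 255.255.255.252
 no shutdown
!
! Takes over the old SVI address, so client gateways do not change
interface Ethernet0/1
 nameif isolated
 security-level 100
 ip address 10.0.50.1 255.255.255.0
 no shutdown
!
! Return path to the other VLANs via the 4500
route transit 0.0.0.0 0.0.0.0 10.255.0.1
!
! Placeholder policy: allow one flow in from another VLAN, log the rest
access-list TRANSIT_IN extended permit tcp 10.0.10.0 255.255.255.0 10.0.50.0 255.255.255.0 eq 443
access-list TRANSIT_IN extended deny ip any any log
access-group TRANSIT_IN in interface transit
```

After the change, `show ip route 10.0.50.0` on the 4500 should list the subnet as a static route via the ASA rather than as directly connected.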