Cisco Support Community

Isolating switch ports for a separate network, VLAN?

Dear all,

I have to configure failover Active/Standby on my ASA 5510.

I am wondering how I could do this for the outside interface. I mean, actually the ASA1 outside interface is linked directly to our Internet router.

So now if I have to add ASA2 connecting to that router, I will need a switch between them.

I already have a switch for DMZ & LAN.

The thing is that I will have to allow 3 switch ports to communicate with each other.

- 1 for ASA1 outside

- 1 for ASA2 outside

- 1 for Internet router

How could I isolate these 3 ports so that they communicate only among themselves? Should I use a VLAN for that?

And if I use a VLAN, will this require any configuration change on my firewalls' (ASA1 & ASA2) outside interfaces?

I am a bit lost with this. If I am correct, I will not have to do any "VLAN tagging" on the firewall itself?

Thank you for your answer.




Re: Isolating switch ports for a separate network, VLAN?

Just create an L2 VLAN on a switch, assign 3 ports to that VLAN, and plug them in. No L3 config is needed on the switch. This will be a common VLAN for all 3 connections, so no changes should be needed and they should all be able to talk to each other.
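
The layer 2 VLAN described in the reply above, written out as a Cisco IOS switch configuration. This is an added example, not part of the original thread; the VLAN ID 900, the VLAN name and the interface numbers Gi0/1 to Gi0/3 are assumed values to be replaced with your own.

```cisco
! Constructed example: VLAN 900, the name OUTSIDE and ports Gi0/1-3 are assumptions.
! Dedicated VLAN for the outside segment, separate from the DMZ and LAN VLANs.
vlan 900
 name OUTSIDE
!
! Untagged access ports: the ASAs and the router see plain Ethernet frames,
! so their outside interfaces need no VLAN tagging and no configuration change.
interface GigabitEthernet0/1
 description ASA1 outside
 switchport mode access
 switchport access vlan 900
!
interface GigabitEthernet0/2
 description ASA2 outside
 switchport mode access
 switchport access vlan 900
!
interface GigabitEthernet0/3
 description Internet router
 switchport mode access
 switchport access vlan 900
!
! No "interface Vlan900" is created: the switch gets no IP address on the
! outside segment and does not route between it and the DMZ or LAN VLANs.
!
! Checks to run afterwards (exec mode):
!   show vlan id 900
!   show interfaces GigabitEthernet0/1 switchport
```

`show vlan id 900` should list exactly these three ports. If the switch has trunk ports to other switches, leaving VLAN 900 out of their allowed VLAN list keeps the outside segment confined to this switch.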
