I'm attempting to set up a new ASA 5510 with a VLAN but there are no VLAN commands that appear to be available to me. The documentation says it supports up to 10 VLANs. Am I missing something? Is it a licensing issue?
There are no VLAN commands per se; you need to implement 802.1q trunking. In other words, configuring subinterfaces in the firewall automatically enables trunking; trunk to your switch, and create L2 VLANs on the switch for each corresponding subinterface created in the firewall.
I have (2) 5510's with base licenses, but running v7.0(7). I guess I probably should upgrade :). They are only a few months old and haven't been turned on in production yet.
In one document I read that it supports 10, but another indicated that you needed Security+ to support 10. It looks like it changed with v8 firmware. I was in the wrong place when I attempted to use the vlan command as I was on the interface, not a sub-interface. On a sub-interface, it worked and let me add a VLAN.
I'm working with an HP ProCurve 3400cl L3 switch and HP recommended setting up multiple VLANs to simplify routing. But I have a site that is still using a PIX 506, and I'm not sure that those support VLANs. I need to upgrade them (since the PIX is EOL), but that isn't possible until later this year or early next. I've not used VLANs before as the networks are fairly small (< 50 hosts) and didn't have a need. Any docs that you can point me to would be appreciated!
Yes, 7.0(7) is GD, as is 7.0.8, and GD is said to be most stable. However, in my personal opinion, since your 5510s are not in production, you may as well upgrade them to the latest version 8.0(3) and take advantage of many features that 7.x does not have.
I also recommend having the Security Plus license. I am soon upgrading our PIX 515Es, and that is what I will be getting: 5510 with Sec Plus licenses. The Sec Plus license activates other features the base license does not; see the first link in my 1st post for details.
As for the PIX 506, if it is a 506E it can support up to 2 VLANs with 6.3.5 code, and that is the max code it can support on the 6.x train; almost the same principle with trunking.
For the PIX 506E it would be something like:
interface ethernet0 auto ( Outside interface physical )
interface ethernet1 auto (inside interface physical )
nameif ethernet1 inside security100 (sec level for inside )
nameif vlan3 inside2 security99 (sec level for inside2)
ip address inside 22.214.171.124 255.255.255.0
ip address inside2 126.96.36.199 255.255.255.0
On the switch side, if you have a Cisco switch, it would be:
vtp domain test_lab
vtp password cisco
vlan 2 name inside_188.8.131.52/24
vlan 3 name inside2_184.108.40.206/24
Description trunk_Connection_pix ethernet1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,3
Something along those lines. Let me find some links for creating L2 VLANs on switches, but I'm not sure if the same principle applies on HP switches; they may have different command syntax. I have never worked with HPs.
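An ASA version of the same layout, as an added example that is not part of the original thread: the thread shows only the PIX 6.3 syntax, while on the ASA the `vlan` command lives under a sub-interface, as the original poster found. The interface `Ethernet0/1`, the sub-interface numbers and the addresses (documentation ranges) are assumptions; the VLAN IDs, interface names and security levels are taken from the PIX example above.

```cisco
! Constructed example for ASA 7.x/8.x; addresses are placeholders from
! the documentation ranges, not values from the thread.
!
! Physical interface carries the 802.1q trunk. It is left without a
! nameif, so it does not pass traffic itself and untagged frames
! arriving on the trunk are not forwarded by the firewall.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One sub-interface per VLAN. The "vlan" command is only accepted here,
! not on the physical interface.
interface Ethernet0/1.2
 vlan 2
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet0/1.3
 vlan 3
 nameif inside2
 security-level 99
 ip address 198.51.100.1 255.255.255.0
```

On the switch side, keep the trunk's allowed VLAN list limited to the VLANs that have a sub-interface (2 and 3 here), as in the `switchport trunk allowed vlan 2,3` line above. Traffic from `inside2` (99) to `inside` (100) goes from a lower to a higher security level, so it needs an explicit access list.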