Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5505 vlan routing with C2960

Hi, I need to have vlans on my C2960 routed using an ASA.

- Do I need to using VLAN interfaces or subinterfaces?

- Does the port connecting to the 2960 need to be trunked?

Here is the config I was planning on adding on the ASA:

#### CONFIG BEGIN ####

interface vlan 100

nameif outside

security-level 0

ip address 10.0.1.254 255.255.255.0

no shutdown

interface vlan 101

nameif mgmt

security-level 100

ip address 10.1.1.254 255.255.255.0

no shutdown

interface vlan 102

nameif ClassII

security-level 50

ip address 10.2.1.254 255.255.255.0

no shutdown

interface vlan 103

nameif ClassIII

security-level 50

ip address 10.3.1.254 255.255.255.0

no shutdown

interface vlan 104

nameif Acronis

security-level 50

ip address 10.4.1.254 255.255.255.0

no shutdown

interface vlan 105

nameif PreProd

security-level 50

ip address 10.5.1.254 255.255.255.0

no shutdown

interface ethernet 0/0

switchport access vlan 100

ip addr 70.X.X.X 255.255.X.X

no shutdown

interface ethernet 0/1

switchport mode trunk

switchport trunk allowed vlan 101-105

no shutdown

same-security-traffic permit inter-interface

#### CONFIG END ####

Also, if using same-security-traffic, can I still use access-lists to filter traffic between the vlans?

Thanks for the help.

1 REPLY
Gold

Re: ASA5505 vlan routing with C2960

If you haven't seen this guide already, here:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html

"Configuring Interfaces for the Cisco ASA 5505 Adaptive Security Appliance"

323
Views
5
Helpful
1
Replies