VLAN Trunking with ASA 5520

btrichardson · ‎11-06-2006

Hello all,

I'm wondering if anyone can give me some hints as to how to set up VLAN trunking between my ASA 5520 and my Catalyst 6509 router/switch. I am wanting to configure my network as follows... I have an external internet feed going into my 6509 via fiber. I want to come out of my 6509 to my ASA via copper, where I will have a few security contexts set up. I then want to go back into my 6509 with VLAN trunks so the VLANs can be accessed via the switch. Any suggestions?

Links to helpful documentation would be appreciated as well.

Thanks! Bryan

m-haddad · ‎11-06-2006

Step 1 To specify the new subinterface, enter the following command:

hostname(config)# interface physical_interface.subinterface

The subinterface ID is an integer between 1 and 4294967293.

For example, enter the following command:

hostname(config)# interface gigabitethernet0/1.100

Step 2 To specify the VLAN for the subinterface, enter the following command:

hostname(config-subif)# vlan vlan_id

The vlan_id is an integer between 1 and 4094. Some VLAN IDs might be reserved on connected switches, so check the switch documentation for more information.

You can only assign a single VLAN to a subinterface, and not to the physical interface. Each subinterface must have a VLAN ID before it can pass traffic. To change a VLAN ID, you do not need to remove the old VLAN ID with the no option; you can enter the vlan command with a different VLAN ID, and the security appliance changes the old ID.

Step 3 To enable the subinterface, enter the following command:

hostname(config-subif)# no shutdown

On the switch side you have to configure the Interface as Dot1q trunk.

Below you can find the link from where I got this information:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/about.htm

Please let me knwo if you need anything further,

Regards,