Cisco Support Community

Stuck with SG500X, vsphere 5.5, ASA 5505 and VLAN config

Hi, 

I have two C220M3 here running vSphere 5.5U1 (ESXi plus vCenter 5.5U1).
I'm only using the two onboard NICs (the CIMC NIC is used only for management, nothing else).
So far my plan was to use the first onboard NIC for 

- VM Network (Host Management, no VLAN) 
- INTRANET (VM LAN, no VLAN) 
- DMZ (VM LAN, VLAN 12 is set in VMware) 
- DMZ2 (VM LAN, VLAN 22 is set in VMware) 

The second onboard NIC is used for iSCSI traffic only (to a NetApp 2040 and other storage).
Here there is no tagging by VMware or the storage, so I put the ports (where the hosts and storage are connected) into Access mode and placed them into VLAN 8.
This works - but that's the easy part.

The ASA is using VLAN 12 for DMZ and VLAN 22 for DMZ2 (switchport mode of the ASA ports is Access).
Port 3 of the ASA is connected to the SG500X (stack with a SG500, layer 2 mode, 4 queues; the necessary VLANs are defined) - but obviously I'm not man enough to configure the VLANs on the ports correctly to get traffic from VMware to the ASA and out of there.

I was thinking that the first onboard port of the host (VM Network, INTRANET, DMZ, DMZ2) connected to the SG500x needs to be 

- in trunk mode 
having 
- VLAN 1 as untagged (covering VM Network and INTRANET) and 
- VLAN12 and VLAN 22 as tagged VLANs (1UP, 12T, 22T in the web UI, switchport trunk allowed vlan add 12,22 in IOS/CLI) 

while the switch port where the ASA is connected (here just DMZ2 -> VLAN 22; DMZ with VLAN 12 is its own switchport on the ASA) needs to be
- in Access mode
having
- VLAN 22 untagged (22UP; switchport mode access + switchport access vlan 22)

I was unable to connect to the ASA and get through it (FW rules are OK to get outside, the interface on the ASA is up).

I also tried other settings for the port where the ASA is connected, such as

- trunk with 1UP and 22T (switchport trunk allowed vlan add 22)
- trunk with PVID 22 (switchport trunk native vlan 22)

without positive results.


Any recommendations for me?

Regards!
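Added example (not code from the original post or from Cisco): a small Python model of 802.1Q tagging along the path the question describes, from a vSphere port group through the SG500X host-facing and ASA-facing ports to the ASA 5505 access port, using the VLAN numbers from the post. It assumes standard access-port behaviour (untagged frames only) on both the switch and the ASA; all function and variable names are hypothetical.

```python
UNTAGGED = 0  # marker for a frame carrying no 802.1Q tag

def vm_egress(portgroup_vlan):
    """vSphere tags a frame with its port group's VLAN ID; ID 0 means untagged."""
    return portgroup_vlan

def switch_ingress(port, tag):
    """Classify an arriving frame into a VLAN; None means the port drops it."""
    if port["mode"] == "access":
        return port["vlan"] if tag == UNTAGGED else None
    if tag == UNTAGGED:
        return port["native"]          # the 'UP' (untagged PVID) membership in the web UI
    return tag if tag in port["tagged"] else None

def switch_egress(port, vlan):
    """Tag that a frame in `vlan` carries when leaving `port`; None if not a member."""
    if port["mode"] == "access":
        return UNTAGGED if vlan == port["vlan"] else None
    if vlan == port["native"]:
        return UNTAGGED
    return vlan if vlan in port["tagged"] else None

def asa_ingress(asa_port, tag):
    """ASA 'switchport mode access': assumed to accept untagged frames only."""
    return asa_port["vlan"] if tag == UNTAGGED else None

def trace(portgroup_vlan, host_port, asa_switch_port, asa_port):
    """Return the ASA VLAN a frame from the port group lands in, or None if dropped."""
    vlan = switch_ingress(host_port, vm_egress(portgroup_vlan))
    if vlan is None:
        return None
    tag = switch_egress(asa_switch_port, vlan)
    return None if tag is None else asa_ingress(asa_port, tag)

# Switch port facing the ESXi host: 1UP, 12T, 22T (switchport trunk allowed vlan add 12,22)
HOST_PORT = {"mode": "trunk", "native": 1, "tagged": {12, 22}}
# ASA port 3 in access mode for DMZ2 (switchport access vlan 22 on the ASA)
ASA_PORT3 = {"mode": "access", "vlan": 22}
# The three switch-side settings the question tried for the port facing the ASA
ASA_SIDE_VARIANTS = {
    "access vlan 22 (22UP)": {"mode": "access", "vlan": 22},
    "trunk 1UP 22T": {"mode": "trunk", "native": 1, "tagged": {22}},
    "trunk native vlan 22": {"mode": "trunk", "native": 22, "tagged": set()},
}

def dmz2_results():
    """Which ASA VLAN the DMZ2 port group (VLAN 22) reaches under each switch setting."""
    return {name: trace(22, HOST_PORT, p, ASA_PORT3)
            for name, p in ASA_SIDE_VARIANTS.items()}
```

Calling dmz2_results() shows that of the three ASA-side switch settings tried, "trunk 1UP 22T" hands the ASA access port a tagged frame it drops, while "access vlan 22" and "trunk native vlan 22" both deliver VLAN 22 untagged. If those two still fail, the fault lies somewhere other than layer-2 tagging on that link.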

1 REPLY

Great support, thx Cisco for

Great support, thx Cisco for nothing ...
