Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to create a 2nd vlan on a private switch behind a pix asa5510

I've got a situation where a client has an ASA5510 Pix with a switch behind the internal interface.  The switch has only vlan 1, but now wants to create a 2nd vlan on the switch for a new server.

How would I accomplish this?  I can't trunk on the interface to the PIX, so how would I get them access to the new vlan.

3 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Super Bronze

Re: How to create a 2nd vlan on a private switch behind a pix as

Hi Greg,

You can create a sub-interface on the ASA for each vlan

interface Ethernet0/1.1
vlan 8
nameif int
security-level 100
ip address 172.16.8.1 255.255.255.0
!
interface Ethernet0/1.2
  vlan 9
nameif int2
security-level 100
ip address 172.16.9.1 255.255.255.0

HTH

Reza

Hall of Fame Super Blue

Re: How to create a 2nd vlan on a private switch behind a pix as

w951duu wrote:

I'll have to remove the ip address on the current interface then create a sub for it as well, no?  The client is concerned about down time, but I'm assuming there will be some while I turn on trunking on the switch as well.

Thanks for your help.

Gregory

Yes you can't do this without some downtime for both the ASA and the switch.

Jon

VIP Super Bronze

Re: How to create a 2nd vlan on a private switch behind a pix as

Yes, you would need short outage window to do it

HTH

Reza

6 REPLIES
VIP Super Bronze

Re: How to create a 2nd vlan on a private switch behind a pix as

Hi Greg,

You can create a sub-interface on the ASA for each vlan

interface Ethernet0/1.1
vlan 8
nameif int
security-level 100
ip address 172.16.8.1 255.255.255.0
!
interface Ethernet0/1.2
  vlan 9
nameif int2
security-level 100
ip address 172.16.9.1 255.255.255.0

HTH

Reza

New Member

Re: How to create a 2nd vlan on a private switch behind a pix as

I'll have to remove the ip address on the current interface then create a sub for it as well, no?  The client is concerned about down time, but I'm assuming there will be some while I turn on trunking on the switch as well.

Thanks for your help.

Hall of Fame Super Blue

Re: How to create a 2nd vlan on a private switch behind a pix as

w951duu wrote:

I'll have to remove the ip address on the current interface then create a sub for it as well, no?  The client is concerned about down time, but I'm assuming there will be some while I turn on trunking on the switch as well.

Thanks for your help.

Gregory

Yes you can't do this without some downtime for both the ASA and the switch.

Jon

New Member

Re: How to create a 2nd vlan on a private switch behind a pix as

Thanks Jon

VIP Super Bronze

Re: How to create a 2nd vlan on a private switch behind a pix as

Yes, you would need short outage window to do it

HTH

Reza

New Member

Re: How to create a 2nd vlan on a private switch behind a pix as

Thank you Reza

391
Views
0
Helpful
6
Replies
CreatePlease to create content