Announcement

Collapse
No announcement yet.

VLAN Help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • VLAN Help

    Hi,

    I was wondering if someone could assist me.

    Currently getting ready to deploy a new ASA to replace the PIX and have got some questions.

    My PIX had an additional 4 port ethernet card which I haven't purchased for the ASA as I thought I would make use of the Sub Interface Option.

    So below is the interface config for ethernet0/3 which has got 3 subinterfaces, and also the config for my vlan switch.

    I have had a quick play and I could not seem to get the setup to work.

    I have connected Ethernet0/3 on the ASA to GigabitEthernet2/0/1 on the Switch, but I am not sure if this is correct.

    Can someone please advise.

    Thanks in advance.

    Paul

    ASA Firewall

    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/3.10
    description DMZ1
    shutdown
    vlan 10
    nameif dmz1
    security-level 50
    ip address 192.168.10.1 255.255.255.248
    !
    interface Ethernet0/3.20
    description DMZ2
    shutdown
    vlan 20
    nameif dmz2
    security-level 50
    ip address 192.168.20.1 255.255.255.0
    !
    interface Ethernet0/3.30
    description DMZ3
    shutdown
    vlan 30
    nameif dmz3
    security-level 50
    ip address 192.168.30.1 255.255.255.0

    VLAN Switch

    Building configuration...

    Current configuration : 3218 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname vlan_switch
    !
    enable secret 5 XXXXXXXXXXXXXXXXXX
    !
    no aaa new-model
    switch 2 provision ws-c3750g-24t
    system mtu routing 1500
    ip subnet-zero
    !
    !
    !
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    interface GigabitEthernet2/0/1
    !
    interface GigabitEthernet2/0/2
    !
    interface GigabitEthernet2/0/3
    switchport access vlan 10
    switchport mode access
    !
    interface GigabitEthernet2/0/4
    switchport access vlan 10
    switchport mode access
    !
    interface GigabitEthernet2/0/5
    switchport access vlan 10
    switchport mode access
    !
    interface GigabitEthernet2/0/6
    switchport access vlan 10
    switchport mode access
    !
    interface GigabitEthernet2/0/7
    switchport access vlan 10
    switchport mode access
    !
    interface GigabitEthernet2/0/8
    switchport access vlan 10
    switchport mode access
    !
    interface GigabitEthernet2/0/9
    description Uplink to Firewall
    switchport access vlan 20
    switchport mode access
    !
    interface GigabitEthernet2/0/10
    description RT1 - DBU1
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/11
    description RT2 - DACS1
    switchport access vlan 20
    switchport mode access
    !
    interface GigabitEthernet2/0/12
    description RT3 -
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/13
    description RT4 - DBU2
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/14
    description RT5 - P2PS1
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/15
    description RT6 - P2PS2
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/16
    description RT7 -
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/17
    description RT8 -
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/18
    description Spare VLAN 20
    switchport access vlan 20
    switchport mode access
    speed 100
    duplex full
    !
    interface GigabitEthernet2/0/19
    switchport access vlan 30
    switchport mode access
    !
    interface GigabitEthernet2/0/20
    switchport access vlan 30
    switchport mode access
    !
    interface GigabitEthernet2/0/21
    switchport access vlan 30
    switchport mode access
    !
    interface GigabitEthernet2/0/22
    switchport access vlan 30
    switchport mode access
    !
    interface GigabitEthernet2/0/23
    switchport access vlan 30
    switchport mode access
    !
    interface GigabitEthernet2/0/24
    !
    interface Vlan1
    ip address 192.168.100.240 255.255.255.0
    !
    ip default-gateway 192.168.100.5
    ip classless
    ip http server
    ip http secure-server
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
    password 7 XXXXXXXXXXXXX
    login
    length 0
    line vty 5 15
    password 7 XXXXXXXXXXXXX
    login
    !
    end

  • #2
    Re: VLAN Help

    GigabitEthernet2/0/1 need to look like this otherwise it will not be able to pass vlan information.

    interface GigabitEthernet2/0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    CCNA, Network+

    Comment


    • #3
      Re: VLAN Help

      Hi,

      you should define your switch port as trunk, then you should issue command
      (No shutdown ) to all sub interfaces on the ASA

      Thanks

      Comment

      Working...
      X