https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811917#M977268 <HTML><HEAD></HEAD><BODY><P>Thanks Vibhor.</P><P></P><P>Do I still need setup "encapsulation dot1Q vlan name" in the sub interface or only setup dot1q in the switch side? </P><P></P><P>Ben </P><P></P><P></P></BODY></HTML> Fri, 29 Jun 2007 21:08:04 GMT bma 2007-06-29T21:08:04Z https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811915#M977266 <P>Hi</P><P></P><P> We need creat multi vlan in the ASA 5520 dmz, dmz switch is cisco 2960. How to config ASA dmz sub interface to 2960 trunk port? could send a example?</P><P></P><P>Thanks</P><P></P><P>ben </P> Mon, 11 Mar 2019 10:37:45 GMT https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811915#M977266 bma 2019-03-11T10:37:45Z https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811916#M977267 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>You may create subinterfaces using gi0/2 interface and connect this interface to trunk port of 2960. The physical port by itself will act as trunk port and you dont need to configure this separately.</P><P></P><P>We need to keep in mind that if you have created subinterfaces and have not given any nameif command on the main physical interface then this interface will only accept tagged packets. Thus packets from native vlan on switch trunk will be dropped. If you need to pass these native vlan packets also, you can give nameif command on the main physical interface. So lets say you have following</P><P></P><P>gi0/2</P><P>nameif dmz</P><P></P><P>gi0/2.1</P><P>nameif dmz1</P><P>vlan 10</P><P></P><P>gi0/2.2</P><P>nameif dmz2</P><P>vlan 20</P><P></P><P>so you need to connect gi0/2 port to the trunk port of 2960. ASA would accept tagged packets for vlan 10, 20 and these will be sent to gi0/2.1 and gi0/2.2 respectively. Untagged packets will be sent directly on the physical interface which would be part of native vlan.</P><P></P><P>Following link may be helpful:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/general/intrface.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/general/intrface.htm</A></P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Fri, 29 Jun 2007 20:41:52 GMT https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811916#M977267 vitripat 2007-06-29T20:41:52Z https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811917#M977268 <HTML><HEAD></HEAD><BODY><P>Thanks Vibhor.</P><P></P><P>Do I still need setup "encapsulation dot1Q vlan name" in the sub interface or only setup dot1q in the switch side? </P><P></P><P>Ben </P><P></P><P></P></BODY></HTML> Fri, 29 Jun 2007 21:08:04 GMT https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811917#M977268 bma 2007-06-29T21:08:04Z https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811918#M977269 <HTML><HEAD></HEAD><BODY><P>ASA/PIX by default only support 802.1q encapsulation. However on the switch side you need to configure trunk for 802.1q encapsulation.</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Fri, 29 Jun 2007 21:22:11 GMT https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811918#M977269 vitripat 2007-06-29T21:22:11Z https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811919#M977270 <HTML><HEAD></HEAD><BODY><P>I know this is an old thead but this came up when I was searching for an answer to my question.</P><P></P><P>I have an ASA5510.</P><P></P><P>Below is Ethernet0/0 and it's subinterfaces. The physical Ethernet 0/0 is connected to a Gig port on a 2950T that is set to trunk.</P><P></P><P>I'm not using the native vlan so is the ASA dropping the native vlan? and can I change the 2950T from trunk to allowing vlans?</P><P></P><P>My reason for wanting to do this is because I have a Barracuda WebFilter that is designed to be inline. In my case between the ASA and switch. The webfilter can handle vlan traffic but not trunked.</P><P></P><P>Thank for any input.</P><P></P><P></P><P><SPAN style="font-family: Arial;">interface Ethernet0/0<BR /> no nameif<BR /> no security-level<BR /> no ip address<BR />!<BR />interface Ethernet0/0.50<BR /> vlan 50<BR /> nameif Engineering<BR /> security-level 80<BR /> ip address 192.168.220.1 255.255.255.0 <BR />!<BR />interface Ethernet0/0.100<BR /> vlan 100<BR /> nameif OfficeNet<BR /> security-level 90<BR /> ip address 192.168.92.1 255.255.255.0 <BR />!<BR />interface Ethernet0/0.200<BR /> vlan 200<BR /> nameif Automation<BR /> security-level 100<BR /> ip address 192.168.200.5 255.255.255.0 <BR />!<BR />interface Ethernet0/0.201<BR /> vlan 201<BR /> nameif Enco<BR /> security-level 100<BR /> ip address 10.107.61.1 255.255.255.0 <BR />!<BR />interface Ethernet0/0.202<BR /> vlan 202<BR /> nameif Traffic<BR /> security-level 95<BR /> ip address 192.168.202.5 255.255.255.0 </SPAN></P></BODY></HTML> Tue, 23 Nov 2010 00:06:17 GMT https://community.cisco.com/t5/network-security/how-to-create-trunk-port-with-asa-5520/m-p/811919#M977270 tony.broom 2010-11-23T00:06:17Z