Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3357
Views
15
Helpful
10
Replies

ASA and spanning tree

daddum61
Level 1
Level 1

‎02-17-2020 03:06 AM

does an ASA 5506 support spanning tree ?

i need to connect a ring to it on the external side

Labels:
0 Helpful
10 Replies 10

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎02-17-2020 03:18 AM

Hi,

 

ASA does not support spanning tree what I have seen so far.

 

Can you elaborate more about connectivity of Ring and your concern ? 

0 Helpful

daddum61
Level 1
Level 1
In response to Muhammad Awais Khan

‎02-17-2020 03:26 AM

existing 3750 ----- asa 5506 ======ring around a load of westermo industrial switches


i need one connection on the inside of the asa and 2 on the outside for the ring, if the ring breaks then i need spanning tree to keep it working

0 Helpful

Muhammad Awais Khan
Cisco Employee
Cisco Employee
In response to daddum61

‎02-17-2020 03:47 AM

In that case you can configure your 2 outside interface part of same Bridge-group which is connected to Ring. 

0 Helpful

daddum61
Level 1
Level 1
In response to Muhammad Awais Khan

‎02-17-2020 04:35 AM

does the asa 5506 allow for 2 outside ports ?
0 Helpful

Sheraz.Salim
VIP
VIP
In response to daddum61

‎02-17-2020 09:25 AM

ASA5506-X  1 - 8 interfaces and 1 management port. you can configured the interface according to your requirement.

please do not forget to rate.

daddum61
Level 1
Level 1
In response to Sheraz.Salim

‎02-17-2020 11:10 AM

will this work in routed mode ?
0 Helpful

Sheraz.Salim
VIP
VIP
In response to daddum61

‎02-17-2020 11:33 AM

Yes Routed mode and even work in Transparent mode.

please do not forget to rate.

daddum61
Level 1
Level 1
In response to Sheraz.Salim

‎02-17-2020 11:39 AM

but the cisco web site says

"Routed mode only supports routed interfaces. Transparent firewall mode only supports bridge group and BVI interfaces."
0 Helpful

Sheraz.Salim
VIP
VIP
In response to daddum61

‎02-17-2020 12:20 PM

ASA 5506x support the BVI feature in Routed mode and also support it in Transparent mode. here link.

please do not forget to rate.

daddum61
Level 1
Level 1
In response to Sheraz.Salim

‎02-18-2020 03:21 AM

well i had a little play with this

created a ring of 3 x 3560 switches

connected each end of the ring into the firewall

setup a ping from one switch to another and then broke the ring and the STP works fine

however,

if i setup a ping from the firewall to sw1 and then fail the link between the firewall sw1 my ping fails for around 5 mins however when i reconnect firewall to sw1 it switches back in a few seconds


with everything connected the port that normally blocks is in between sw1 and sw2


ASA-----sw1--[blocking]--sw2---sw3--¬

|____________________________|

so why does it take 5 mins to realize that i pulled the link between firewall and sw1 ?

is it due to the mac table ?


0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card