Below is Ethernet0/0 and its subinterfaces. The physical Ethernet0/0 is connected to a Gig port on a 2950T that is set to trunk.
I'm not using the native VLAN, but is the ASA dropping the native VLAN data from the switch since the physical interface wasn't issued a nameif? And can I change the 2950T from trunk to allowing select VLANs (switchport access 50,100, etc.)?
My reason for wanting to do this is that I have a Barracuda WebFilter that is designed to be inline, in my case between the ASA and the switch. The WebFilter can handle VLAN traffic but not trunked.
Thanks for any input.
no ip address
ip address 192.168.220.1 255.255.255.0
ip address 192.168.92.1 255.255.255.0
ip address 192.168.200.5 255.255.255.0
ip address 10.107.61.1 255.255.255.0
ip address 192.168.202.5 255.255.255.0
Well, very much expected... Since you have done subinterfaces, it means that all packets will now be 802.1Q tagged. Now, which interface exactly is the Barracuda going to be on?
The Barracuda is supposed to be a network bridge. So Ethernet0/0 would be connected to the Barracuda WAN port, and then the LAN port of the Barracuda would be connected to the switch. Currently Ethernet0/0 is connected directly to the switch.
So can I change the port on the switch so it's not a trunk anymore, and set switchport access vlan 50,100 etc. so that the Barracuda can pass the VLAN-tagged packets?
No, if you do that, no tagged packets are going to get to the firewall... Remember that it has subinterfaces, which means that tagged packets are expected... If the Barracuda cannot handle tagged packets... we are going to have a problem.
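
The tagging behaviour discussed in this thread, as an added example that is not part of the original posts: it models how a switch port emits a frame in trunk versus access mode and which ASA interface, if any, accepts it. The subinterface VLAN IDs and nameif values (`vlan50`, `vlan100`), the native VLAN of 1 and the sample frame are assumptions, since the thread does not show them.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed for illustration: subinterface VLAN IDs and nameif values are not
# shown in the thread, so these two entries are constructed.
ASA_SUBINTERFACES = {50: "vlan50", 100: "vlan100"}


def switch_egress(frame, vlan, mode, native_vlan=1):
    """Return the frame as the switch port would transmit it.

    Access ports, and the native VLAN of a trunk, send the frame untagged.
    Any other VLAN on a trunk gets a 4-byte 802.1Q tag after the MACs.
    """
    if mode == "access" or vlan == native_vlan:
        return frame
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP and DEI left 0
    return frame[:12] + tag + frame[12:]


def asa_ingress(frame):
    """Return the nameif that accepts the frame, or None if it is dropped."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # Untagged frames belong to the physical interface, which has no
        # nameif in this setup and therefore passes no traffic.
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return ASA_SUBINTERFACES.get(tci & 0x0FFF)  # unknown VLAN ID: dropped


# Constructed sample: an untagged IPv4 frame from a host in VLAN 50.
SAMPLE = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\x45" + bytes(19)

if __name__ == "__main__":
    for mode in ("trunk", "access"):
        wire = switch_egress(SAMPLE, vlan=50, mode=mode)
        print(mode, len(wire), asa_ingress(wire))
```
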