Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4864
Views
5
Helpful
4
Replies

VLAN trunks on ASA 5512-X

Go to solution
Black_Rabbit
Level 1
Level 1

‎01-08-2014 12:08 AM - edited ‎03-11-2019 08:26 PM

Hello all!

I have a problem with the ASA 5512-X configuration.

As I understand it does not support VLAN trunks (as ASA 5505). Аnd this is a big problem for me. =(

I have the following scheme (and unfortunately, I can not add L3 switch):

Документ1.png

Using subinterfaces I can configure only one port. The remaining ports refuse to be added to the same VLAN.

Please tell me how to configure such topology? Perhaps there is a way to make ASA 5512-X work as ASA 5505 ?

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-08-2014 12:12 AM

Hi,

The ASA5505 is very different compared to the other ASA models. It has a built in switch module so it has some qualities to it that you would expect in a L2/L3 switch.

However the ASA5512-X among with other ASA models has basic router ports that can be divived into different subinterfaces for the Vlans. You wont be able to configure the same Vlan to multiple ASA ports.

You should probably Trunk the switches together where needed and use a single Trunk from a switch to the ASA5512-X

- Jouni

View solution in original post

4 Replies 4

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-08-2014 12:12 AM

Hi,

The ASA5505 is very different compared to the other ASA models. It has a built in switch module so it has some qualities to it that you would expect in a L2/L3 switch.

However the ASA5512-X among with other ASA models has basic router ports that can be divived into different subinterfaces for the Vlans. You wont be able to configure the same Vlan to multiple ASA ports.

You should probably Trunk the switches together where needed and use a single Trunk from a switch to the ASA5512-X

- Jouni

Go to solution
Black_Rabbit
Level 1
Level 1
In response to Jouni Forss

‎01-08-2014 12:28 AM

Thank you, Jouni!

This is what I expected. =(

By strange coincidence, my customer does not want to change the upper part of the topology.

What do you think if I will use the following scheme:

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Black_Rabbit

‎01-08-2014 12:38 AM

Hi,

Why not just configure a Trunk between the middle switch and the ASA and keep the Trunk links between the switches?

I guess the above setup would essentially work but is not really typical.

Why do they want to use 3 different physical interfaces on the ASA instead of just configuring a Trunk between the ASA and a single switch and dividing the network from there?

- Jouni

0 Helpful

Go to solution
Black_Rabbit
Level 1
Level 1
In response to Jouni Forss

‎01-08-2014 12:44 AM

Jouni, thank you again!

They have second ASA 5512-X for cold standby and do not want to see any other "single point of failure".

This complicates the work, even for all the equipment and purchased SMARTnets.

In the original version I offered them to use one switch as the "core switch"))

OK, now I understand the whole situation.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card