ASA 5505 Trunk ports

lecarbajalp · ‎06-19-2012

Hello,

t

I need to configure my cisco ASA firewall using trunk ports for connect some switches ( cisco and HP)

each port connected to the switches will use the same security level but with differente IP: example

interface Vlan4

nameif inside4

security-level 100

ip address 10.10.2.1 255.255.255.0

interface Vlan5

nameif inside5

security-level 100

ip address 10.10.3.1 255.255.255.0

interface Vlan6

nameif inside6

security-level 100

ip address 10.10.4.1 255.255.255.0

interface Vlan7

nameif inside7

security-level 100

ip address 10.10.5.1 255.255.255.0

Each port of the firewall will be configured like this:

interface Ethernet0/2

switchport trunk allowed vlan 4 5 6 7

Do i need to allow the native VLAN in the trunks ports or a special tag? because i also need to add a new vlan (vlan 1 for some servers)

I would like to know if i need to add some kind of routing for this in the firewall?, i know as the firewall will be the layer 3 equipment it will route between the vlan's.

Also, my configuration in the switches should be only a trunk port? do i need to specify a tag for this vlans?

I each switch i will configure the VLAN with IP also ( vlan 4 5 6 7 and vlan 1 ).

Regards,

Ramraj Sivagnanam Sivajanam · ‎07-16-2012

Hi Bro

Please do add these commands in your Firewall, and you should be good.

!

same-security-traffic permit intra-interface

!

interface Ethernet0/2

description ## Link to HP Access Switch (Manageable Switch) ##

switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 4,5,6,7

!

Please do ensure you've similar configuration in your HP Access Switch, as well. Yes, the port has to be dot1q trunk.

For further details on this, please do refer to http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml

P/S: If you think this comment is useful, please do rate it well :-)

Warm regards,
Ramraj Sivagnanam Sivajanam