Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1884
Views
0
Helpful
4
Replies

ASA 5506 to 2960x VLAN Trunk configuration assistance

db62
Level 1
Level 1

‎09-26-2018 10:05 AM - edited ‎02-21-2020 08:17 AM

Hi,

 

Newbie question.

 

I have a 2960x with 3 VLANS (native VLAN is 1), already configured and working, in the sense that a PC on VLAN 1 cannot see a PC on VLAN 2 or 3. That is all I need. I do not need to do inter-VLAN routing. Nor do I want to use ACL's. Please keep the reply simple and on topic, I'm confused enough already.

 

I want to connect an ASA 5506 to the 2960x port 24 which is set up as a Trunk, to provide Internet access to all 3 VLANs. Again, I do not want to do inter-VLAN routing

 

What is the configuration for the ASA port? 2960x port 24 Trunk?

 

Should I keep VLAN 1 as native on the 2960? Or should I switch the native 2960x VLAN to something else? What are the implications of doing this?

 

Assistance with this configuration would be greatly appreciated. Please keep it simple.

 

Thanks in advance.

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎09-26-2018 12:00 PM

I prefer to native vlan as different vlan  than vlan 1 if you do not have option then you can use  vlan1 as native vlan and change , and other user network vlan with vlan 2, 3 ,4.

 

below thread give you simple  NAT  rule for the different VLAN to internet access only.

 

https://community.cisco.com/t5/firewalls/multiple-vlan-s-dynamic-nat-asa-5520-8-4-5/td-p/2311816

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎09-26-2018 01:16 PM

@db62
Isnt this a Duplicate posting relating to this? -


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

db62
Level 1
Level 1
In response to paul driver

‎09-26-2018 01:50 PM - edited ‎09-26-2018 02:18 PM

That post was for a non VLAN aware router. This post is for the ASA 5506, which is VLAN aware. So I posted it here.

 

No such thing as a simple answer in Cisco land, is there? Why'd they even bother with a GUI on the 5506 if you can't do anything with it?

0 Helpful

mkazam001
Level 3
Level 3

‎11-03-2018 05:25 PM

if the 2960x is a layer 3 switch, you could use the no switchport cmd to configure an IP on the port - use a /30 subnet with the other IP on the ASA, then use a default route with the next hop of the asa inside interface.

if it's a layer 2 switch, you have to create sub-ints for the vlans on the asa.

azam

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card