Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1975
Views
0
Helpful
6
Replies

ASA 5585 security context - vlan assignment to port channel

Go to solution
Mohd Imtiaz Hussain
Level 1
Level 1

‎03-27-2015 08:32 AM - edited ‎03-11-2019 10:42 PM

I want to assign same vlan number to multiple sub interface in asa 5585. But it gives message vlan already assigned to another interface.

How can i achieve this.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rizwanr74
Level 7
Level 7
In response to Mohd Imtiaz Hussain

‎03-28-2015 06:02 AM

Hello Imtiaz,

 

Take a look below.

 

interface TenGigabitEthernet7/1
 Physical Interface

!
interface TenGigabitEthernet7/1.2
 description layer2 Sub-interface in vlan2 
 vlan 2


context MyContext-A
 description Firewall A
 allocate-interface TenGigabitEthernet7/1.2 MyContext-A-outside
 config-url disk0:/MyContext-A.cfg


context MyContext-B
 description Firewall B
 allocate-interface TenGigabitEthernet7/1.2 MyContext-B-outside
 config-url disk0:/MyContext-B.cfg
  

 

In the firewall context MyContextB the outside interface would appear like this:

!
interface MyContext-B-outside

- - - - - - - - - - - - - - - - - - - - - - - 

 

In the firewall context MyContextA the outside interface would appear like this:

!
interface MyContext-A-outside

 

It is the same single sub-interface "interface TenGigabitEthernet7/1.2" is being assigned to multiple  contexts and you assign the level security level you desire within the each context for that interface and IP address must be within the same subnet range, because they are part of same layer2 vlan.

 

Hope this helps.

Thanks

Rizwan Rafeek

View solution in original post

0 Helpful
6 Replies 6

Go to solution
rizwanr74
Level 7
Level 7

‎03-27-2015 10:31 AM

Hello Imtiaz,

 

You cannot assign multiple interfaces on same the vlan because IP overlaps.

 

Are you running ASA5585 on multiple  context mode?

 

thanks

Rizwan Rafeek

 

 

0 Helpful

Go to solution
Mohd Imtiaz Hussain
Level 1
Level 1
In response to rizwanr74

‎03-28-2015 01:09 AM

Hi rizwan,

Yes iam running asa5585 on multiple context mode.

I have security context created on asa5585.

I have security context A created and i have one common vlan for outside interface.

Similarly for security context B i want to assign same vlan number on outside interface of Security context B sub port channel.

Please share your ideas.

IP address to outside interface of both context will be different but from same ip pool.

0 Helpful

Go to solution
rizwanr74
Level 7
Level 7
In response to Mohd Imtiaz Hussain

‎03-28-2015 06:02 AM

Hello Imtiaz,

 

Take a look below.

 

interface TenGigabitEthernet7/1
 Physical Interface

!
interface TenGigabitEthernet7/1.2
 description layer2 Sub-interface in vlan2 
 vlan 2


context MyContext-A
 description Firewall A
 allocate-interface TenGigabitEthernet7/1.2 MyContext-A-outside
 config-url disk0:/MyContext-A.cfg


context MyContext-B
 description Firewall B
 allocate-interface TenGigabitEthernet7/1.2 MyContext-B-outside
 config-url disk0:/MyContext-B.cfg
  

 

In the firewall context MyContextB the outside interface would appear like this:

!
interface MyContext-B-outside

- - - - - - - - - - - - - - - - - - - - - - - 

 

In the firewall context MyContextA the outside interface would appear like this:

!
interface MyContext-A-outside

 

It is the same single sub-interface "interface TenGigabitEthernet7/1.2" is being assigned to multiple  contexts and you assign the level security level you desire within the each context for that interface and IP address must be within the same subnet range, because they are part of same layer2 vlan.

 

Hope this helps.

Thanks

Rizwan Rafeek

0 Helpful

Go to solution
Mohd Imtiaz Hussain
Level 1
Level 1
In response to rizwanr74

‎03-29-2015 11:33 PM

Hi Rafeek,

Thank you for the information. I have tried this iam able configure context A interface with same vlan and IP address and Context B with different IP address of same vlan.

Does it have any impact in allocating same interface to two different context with different IP address of same vlan.

----------------------------------------------------------------------------

Also is it not possible to configure as below:

interface TenGigabitEthernet7/1.2
 description layer2 Sub-interface in vlan2 
 vlan 2

interface TenGigabitEthernet7/1.3
 description layer2 Sub-interface in vlan2 
 vlan 2

context MyContext-A
 description Firewall A
 allocate-interface TenGigabitEthernet7/1.2 MyContext-A-outside
 config-url disk0:/MyContext-A.cfg

context MyContext-B
 description Firewall B
 allocate-interface TenGigabitEthernet7/1.3 MyContext-B-outside
 config-url disk0:/MyContext-B.cfg
  

 

0 Helpful

Go to solution
rizwanr74
Level 7
Level 7
In response to Mohd Imtiaz Hussain

‎03-30-2015 06:03 AM

Hello Imtiaz

 

You can only assign a single VLAN to a subinterface, and you cannot assign the same VLAN to multiple subinterfaces.  Beside it is not necessary either, as you can see in the example I have showed above, just a single subinterface "TenGigabitEthernet7/1.2" can be assigned to multiple context.

 

Hope that answered your question.

Thanks

Rizwan Rafeek

 

 

0 Helpful

Go to solution
Mohd Imtiaz Hussain
Level 1
Level 1
In response to rizwanr74

‎03-30-2015 06:03 AM

Hi Rizwan,

Thanks for your inputs.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card