07-16-2018 12:02 PM - edited 02-21-2020 07:59 AM
I need advice on whether this is possible to do in multiple context. I have a Cisco 5516x and I want to use the first port for the ISP, and the 2nd port will have subinterfaces for internal network use, i.e. internal1 and internal2. Just wondering if it's possible to use a layer 2 switch with this scenario. Thanks
07-16-2018 09:23 PM
This is possible.
You can connect the first port, Gi0/0, directly to the ISP, and you can connect the second port, Gi0/1, to a layer 2 switch for the internal network. You have to configure VLANs on the switch, let's say VLAN 10 (internal1) and VLAN 20 (internal2). On the switch port where the ASA Gi0/1 is connected, make that port a trunk and pass both VLANs 10 and 20 on the trunk.
Sample configuration as below.
On the switch:
vlan 10
name internal1
!
vlan 20
name internal2
!
int Gi1/0/1
switchport mode trunk
switchport trunk allowed vlan 10,20
!
On the ASA, in the system context:
int Gi0/1.10
vlan 10
!
int Gi0/1.20
vlan 20
!
context abc
allocate-int Gi0/0
allocate-int Gi0/1.10
allocate-int Gi0/1.20
config-url abc.cfg
!
changeto context abc
int Gi0/0
nameif isp
sec 0
ip add 1.1.1.1 255.255.255.0
!
int Gi0/1.10
nameif internal1
sec 100
ip add 10.1.10.1 255.255.255.0
!
int Gi0/1.20
nameif internal2
sec 100
ip add 10.1.20.1 255.255.255.0
!
Kindly rate for useful post
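A cross-check for the three configurations in the answer above, added here as an example (not part of the original post and not Cisco tooling). It verifies that every ASA subinterface VLAN is allowed on the switch trunk and that every interface configured inside the context was allocated to it in the system context. The sample configs are constructed, use full command names, and the function names are hypothetical.

```python
import re

# Constructed sample configs (full command names; interface names follow the thread).
SWITCH = """\
interface Gi1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""
SYSTEM = """\
interface Gi0/1.10
 vlan 10
interface Gi0/1.20
 vlan 20
context abc
 allocate-interface Gi0/0
 allocate-interface Gi0/1.10
 allocate-interface Gi0/1.20
"""
# Constructed context config with a subinterface on the wrong parent port.
CONTEXT_BAD = """\
interface Gi0/0
 nameif isp
interface Gi0/0.10
 nameif internal1
"""

def trunk_vlans(switch_cfg):
    """VLAN IDs permitted on the trunk (comma lists and a-b ranges)."""
    allowed = set()
    for spec in re.findall(r"switchport trunk allowed vlan ([\d,\-]+)", switch_cfg):
        for part in filter(None, spec.split(",")):
            lo, _, hi = part.partition("-")
            allowed.update(range(int(lo), int(hi or lo) + 1))
    return allowed

def audit(switch_cfg, system_cfg, context_cfg):
    """Return findings for VLAN and allocation mismatches across the configs."""
    findings = []
    allowed = trunk_vlans(switch_cfg)
    subif_vlan = dict(re.findall(r"interface (\S+)\n\s*vlan (\d+)", system_cfg))
    allocated = set(re.findall(r"allocate-interface (\S+)", system_cfg))
    for ifname, vlan in subif_vlan.items():
        if int(vlan) not in allowed:
            findings.append(f"{ifname}: VLAN {vlan} not allowed on switch trunk")
    for ifname in re.findall(r"^interface (\S+)", context_cfg, re.M):
        if ifname not in allocated:
            findings.append(f"{ifname}: configured in context but not allocated")
    return findings
```

The check assumes one trunk port and one context; with several contexts, run it once per context against that context's own allocation lines.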
07-17-2018 07:50 AM - edited 07-17-2018 08:00 AM
Thank you, Pawan. This is helpful enough for me. One last thing: if I have an unmanaged switch, is this something that I can work with in multiple context?
07-17-2018 11:13 PM
As non-managed switches don't have a way to define or manage VLANs nor do they support VLAN frame tagging for trunk support