Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1721
Views
0
Helpful
4
Replies

ASA Vlan subinterfaces multiple contexts applications

Not applicable

‎08-14-2017 02:13 PM - last edited on ‎03-12-2019 02:49 AM by

Is it possible to do this on an ASA with mutliple contexts?? :

Context A

Interface 1/0

interface1/0.260 

Context B

Interface 2/0

interface2/0.260

I am currently running two contexts, and am trying to assign the same vlan between these contexts, with different ip addresses.  I do have the auto generation of mac address enabled, and i also would have two different IP addresses on these subinterfaces(within the same subnet obviously).  This comes from us scaling down from two firewalls to a single HA pair of firewalls and moving the previous devices into contexts on one HA pair.  Is this possible to do?  As right now, the ASA is barking at us telling us that we already have vlan 260 assigned to interface1/0, even though I have already assigned the interfaces into different contexts.  Thanks for any support.  

Labels:
0 Helpful
4 Replies 4

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎08-14-2017 09:47 PM

Hi,

Yes, you should be able to do this.

You can assign the same IP address to multiple interfaces in a different context.

Although this is possible, a separate MAC address must be assigned for this interface in each context in order to classify the traffic into the context as shown.

Note: If the admin does not wish to assign the MAC address with the manual method, you can use the mac-address auto command. This command assigns the MAC address automatically to all interfaces, inclusive of subinterfaces.

This command assigns the MAC address automatically to all interfaces, inclusive of subinterfaces.

For more info:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/m1.html

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

Not applicable
In response to Aditya Ganjoo

‎08-15-2017 06:19 AM

I agree with you, but I was asking about subinterfaces with a vlan assigned to it.  Can you take separate interfaces, assign them to separate contexts in the firewall, and then assign them the same vlan subinterface (vlan 260) - like two routers on a stick, between separate contexts, with the same vlan.  I'm finding that the ASA complains and states that one interface already has vlan 260 on it, and won't let me configure this vlan subinterface on any other trunk interface on an ASA. 

Context A

Interface 1/0

interface1/0.260  - ip addres 192.168.1.2

Context B

Interface 2/0

interface2/0.260 - ip addres 192.168.1.3

0 Helpful

Not applicable
In response to Aditya Ganjoo

‎08-16-2017 08:48 AM

Bumping this in case anyone else sees this for a reply.  

0 Helpful

stillmags
Beginner
Beginner
In response to

‎10-23-2017 10:55 PM

I am having this same issue, really hoped your question will be answered. I don't want to post the same question again. This should work, because technically each context is it's own firewall. So it shouldn't matter if the same vlan id is used, but it still doesn't like it. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents