ASA with 802.1Q

netadmindetail
Level 1

Hi all

I want to know if it's possible (see attachment for detail) to manage multiple subnets within a Layer 3 switch (3750) through an ASA5520 with 802.1Q tagging.

Referring to the jpg file: the SQL and ACS subnets are only defined in the layer 3 switch. The DMZ port on the ASA is not in the SQL or ACS subnet.

Is it possible?

Thank you very much for your help.

5 Replies

srue
Level 7

you can let the ASA do your intervlan routing (as well as security between vlans), but you might be better off using the routing capabilities of the 3750 if you don't need much security between vlans.

the ASA can do 802.1q trunking though using subinterfaces with the 'vlan' command.

Do I need a particular software version on my ASA?

Do I need to put subinterfaces on my inside interface too, or just on my DMZ port?

Are the ASA subinterfaces trunking 802.1q by default?

Thank you very much

the ASAs only do dot1q so there's no way to specify encapsulation type.

there are two steps to creating a dot1q trunk...

1. create the subinterface

2. specify the vlan number on subinterface.

- then assign normal interface commands (nameif, security-level, address, description...acls)

e.g.

int eth0/2.100
 vlan 100
 nameif dmz1
 security-level 50
 ip address 10.1.1.1 255.255.255.0

specify trunking on the switch as you normally would, just make sure you use dot1q and that the vlans you use on the ASA exist on your switch(es)
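
The last point in the reply above (every VLAN used on an ASA subinterface must exist on the switch and be carried on the trunk) can be checked offline against saved configs. This is an added example, not code from the thread: both config texts are constructed samples, and the switch lines assume standard IOS trunk syntax.

```python
import re

# Constructed sample configs (not from the thread): ASA subinterfaces and the switch trunk side.
ASA_CFG = """\
interface Ethernet0/2.100
 vlan 100
interface Ethernet0/2.200
 vlan 200
interface Ethernet0/2.300
 nameif dmz3
"""
SWITCH_CFG = """\
vlan 100
vlan 200
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,300-310
"""

def asa_subinterfaces(cfg):
    # Map each subinterface (name ending in ".N") to its 'vlan' ID, or None if step 2 was skipped.
    subs = {}
    for name, body in re.findall(r"^interface (\S+\.\d+)\n((?: .*\n)*)", cfg, re.M):
        v = re.search(r"^ vlan (\d+)$", body, re.M)
        subs[name] = int(v.group(1)) if v else None
    return subs

def switch_vlans(cfg):
    # Return (VLANs defined on the switch, VLANs listed in 'trunk allowed vlan' statements).
    defined = {int(v) for v in re.findall(r"^vlan (\d+)$", cfg, re.M)}
    allowed = set()
    for spec in re.findall(r"switchport trunk allowed vlan ([\d,\-]+)", cfg):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            allowed.update(range(int(lo), int(hi or lo) + 1))
    return defined, allowed

def check(asa_cfg, sw_cfg):
    # An empty 'allowed' set means no allowed-list was configured, so the trunk carries all VLANs.
    defined, allowed = switch_vlans(sw_cfg)
    issues = []
    for name, vlan in asa_subinterfaces(asa_cfg).items():
        if vlan is None:
            issues.append(f"{name}: no vlan assigned")
        elif vlan not in defined:
            issues.append(f"{name}: vlan {vlan} not defined on switch")
        elif allowed and vlan not in allowed:
            issues.append(f"{name}: vlan {vlan} not allowed on trunk")
    return issues
```

On the sample input, `check(ASA_CFG, SWITCH_CFG)` flags the subinterface whose VLAN is missing from the trunk's allowed list and the one with no `vlan` command.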
