07-25-2013 01:50 AM - edited 03-11-2019 07:16 PM
Hi, I have an ASA5585-X running version 9.1 and ASDM version 7.1.
I have a lot of different VLANs on the ASR router. The ASR router has a subif with VLANs. The ASA 5585 is behind the ASR router. I want to set up the ASA 5585 switch ports in trunk mode. Is it possible?
The topology is below.
ISP -> Cisco ASR with BGP and subif and gateway for the VLANs -> ASA5585 all IP addresses security configurations -> Cisco 6500 aggregation switch -> Cisco 2960 cabinet switches -> Servers
07-25-2013 07:07 AM
I can't speak to the ASR router configuration, but you can definitely have trunk ports on the ASA side. What has worked for me between 3750 switches and assorted generations of ASA hardware and software is configurations like:
On the switch you set it to mode trunk with negotiation off:
interface GigabitEthernet1/0/38
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 400
 switchport trunk allowed vlan 1,430-435,543-545
 switchport mode trunk
 switchport nonegotiate
On the ASA you put the parent physical interface into "no shutdown" state and then set up subinterfaces with vlan tags:
interface GigabitEthernet0/3
 description trunk port
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3.543
 description first subinterface
 vlan 543
 nameif whatever
 security-level 80
 ip address 192.0.2.1 255.255.255.0
-- Jim Leinweber, WI State Lab of Hygiene
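An added example, not part of the original post or any Cisco tooling: a Python check that every VLAN tag on the ASA subinterfaces is carried by the switch trunk's allowed list, and that reports allowed VLANs with no matching subinterface so the trunk can be pruned. The function names are assumptions of this example, and the embedded configs are constructed from (and trimmed from) the snippets in the answer above.

```python
import re

# Constructed sample input: trimmed copies of the two snippets in the answer.
SWITCH_CFG = """\
interface GigabitEthernet1/0/38
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 400
 switchport trunk allowed vlan 1,430-435,543-545
 switchport mode trunk
 switchport nonegotiate
"""
ASA_CFG = """\
interface GigabitEthernet0/3
 no nameif
!
interface GigabitEthernet0/3.543
 vlan 543
 nameif whatever
 security-level 80
"""

def expand_vlans(spec):
    """Expand a list such as '1,430-435' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(switch_cfg, asa_cfg):
    """Compare switch trunk settings with the ASA subinterface VLAN tags."""
    m = re.search(r"^\s*switchport trunk allowed vlan (\S+)", switch_cfg, re.M)
    allowed = expand_vlans(m.group(1)) if m else set(range(1, 4095))
    m = re.search(r"^\s*switchport trunk native vlan (\d+)", switch_cfg, re.M)
    native = int(m.group(1)) if m else 1
    tagged = {int(v) for v in re.findall(r"^\s*vlan (\d+)\s*$", asa_cfg, re.M)}
    return {
        "blocked": sorted(tagged - allowed),             # ASA tags the trunk drops
        "unused": sorted(allowed - tagged - {native}),   # candidates for pruning
        "native_tagged": native in tagged,               # native VLAN reused as a tag
        "negotiation_off": bool(
            re.search(r"^\s*switchport nonegotiate", switch_cfg, re.M)),
    }

if __name__ == "__main__":
    for key, value in audit_trunk(SWITCH_CFG, ASA_CFG).items():
        print(f"{key}: {value}")
```

With only the single subinterface shown in the answer, every other allowed VLAN is reported as unused; add the remaining subinterfaces to the ASA sample before reading that list as a pruning recommendation.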