Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1319
Views
0
Helpful
4
Replies

Cisco ASA 5506-X Config Questions

Not applicable

‎05-22-2017 09:10 AM - last edited on ‎03-12-2019 02:24 AM by

I have upgraded from a 5505 to a 5506-X that I have on a small test network at home.  I was able to configure the internal and external interfaces and have access to the internet and DHCP.  I'm looking to configure the following networks: PC/Printer, Wireless and CCTV. By the way my 5506 is not wireless so I will be configuring a Meru controller as my wireless network.  I see that the new 5506 does not have the VLAN tag option on the Advanced button like on the 5505.  I've read that you can add sub-interfaces to create VLANs on the 5506.  Form the examples I have seen, is it possible to add VLANs to the internal interface Gig1/2 (internal), Gig1/3 (wireless), Gig1/4 (cctv) without having to create sub-interfaces?  If so, what are the commands?

Below is the Configuration example showing VLANs:

http://www.cisco.com/c/en/us/support/docs/security/asa-5506-x-firepower-services/200417-Configure-the-ASA-5506W-X-with-a-Non-Def.html

Labels:
0 Helpful
4 Replies 4

Ashish Jhaldiyal
Level 1
Level 1

‎05-22-2017 12:12 PM

You can't create VLAN and then assign ports to VLANs like 5505, You can create port-channel with ports gig 1/2,3 and 4 and then create sub-interface on port-channel.

Ashish

0 Helpful

Not applicable
In response to Ashish Jhaldiyal

‎05-22-2017 12:37 PM

Thanks for your quick response.  I was able to find this article referring to what you spoke of:

http://www.petenetlive.com/KB/Article/0001085

Create Sub interface for VLAN 2

Petes-ASA(config)# interface gigabitEthernet 1.2 

Petes-ASA(config-subif)# vlan 2 

Petes-ASA(config-subif)# nameif Corp-LAN  INFO: Security level for "Corp-LAN" set to 0 by default. 

Petes-ASA(config-subif)# security-level 100 

Petes-ASA(config-subif)# ip address 10.2.2.254 255.255.0.0 

Petes-ASA(config-subif)# exit  Petes-ASA(config)#

Create Sub interface for VLAN 3

Petes-ASA(config)# interface gigabitEthernet 1.3 

Petes-ASA(config-subif)# vlan 3 

Petes-ASA(config-subif)# nameif Corp-WiFi  INFO: Security level for "Corp-Wifi” set to 0 by default. 

Petes-ASA(config-subif)# security-level 90 

Petes-ASA(config-subif)# ip address 10.3.3.254 255.255.0.0 

Petes-ASA(config-subif)# exit 

Need clarification: "To create sub interfaces on a physical interface, that interface must have no settings on it (other than it should not be shutdown)."

Does that mean I leave the config empty on interface Gig1/1 and create sub-interfaces for all my networks (data, wireless, cctv)?

If so, how do I configure my uplink on my Cisco switch?  Do I configure as a Trunk with command Switchport Access VLAN X,X,X

Switchport Trunk Allowed

Or will I need a Native VLAN command?

0 Helpful

Ashish Jhaldiyal
Level 1
Level 1
In response to

‎05-22-2017 01:40 PM

You are correct, you don't do any configuration on the physical port, configure IP, VLAN and security level under sub-interface.

On switch you have to configure ports as below

switchport mode trunk

switchport trunk allowed vlan x

0 Helpful

Not applicable
In response to Ashish Jhaldiyal

‎05-23-2017 06:52 AM

Thank you Ashish, what worked.  But now I cannot ping one network from the other.  What is the command to allow all the networks to see each other?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card