Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1066
Views
0
Helpful
2
Replies

Implmenting SG300 Layer 3 Switch for InterVLAN Routing with ASA 5505

meGunnett
Level 1
Level 1

‎05-31-2015 12:33 PM - edited ‎03-11-2019 11:01 PM

IMAGE: ASA Before SG300

My current setup has an ASA 5505 acting as my main gateway, firewall, and router for network. The ASA with its 100 MB bandwidth is a bottleneck for my network. Everything is working now though there are obvious speed issues. So I purchased an SG300-10 Layer 3 switch it hopes that it could take over the Inter VLAN routing. ASA 5505 – I have configured multiple interfaces to allow my VLANs to be routed properly. I also have DHCP relay set up for VLANS 2-5 to go to the DHCP/DNS Servers 192.168.0.13 & 192.192.168.0.200

IMAGE DHCP Server

New Setup

IMAGE: ASA 5505 & SG300

For my new setup, I have deleted the VLAN interfaces off the ASA5505 and moved them to the SG300 and setup DHCP Relay It seems that SG300 is having issues routing to the VLAN1 Inside network as well as the internet. DHCP relay does not seem to be working since I implemented the SG300.

Devices on VLAN1, can access the internet and on VLAN1 but none of the other VLAN’s.

Devices on VLAN 3, cannot access the internet, but can access access other VLAN’s such as VLAN 2 & VLAN 4.

ASA Configuration Before Making Any Changes

ASA Configuration After Adding SG300

SG300 Config

SG300 IP Routes

SG300 ARP Table

Any help would be much appreciated!

Labels:
0 Helpful
2 Replies 2

kcrane2
Level 1
Level 1

‎06-01-2015 07:26 AM

What is the default GW for devices on VLAN1?  I suspect it's the ASA from the behavior you describe.

 

You really need to setup a point-to-point vlan for the ASA to the SG-300.   Something like this

 

VLAN1 <------> SG-300 <------> VLAN 900 <-----> ASA

VLAN2 <-------------|

VLAN3 <-------------|

VLAN4 <-------------|

 

All clients on the inside should point to the SG-300 VLAN IP as their default gateway.  The SG300 then points to the ASA's IP on VLAN 900 as its default gateway.  The ASA is told that 192.168.X.X is routed to the SG-300's IP on VLAN 900.  The ASA's default GW points to your internet device.  This keeps the ASA from having a layer 2 connection to some of its inside clients and layer 3 to others.  

 

What you have now can be made to work but would result in asynchronous routing which will cause you headaches at some point.   

 

 

 

0 Helpful

meGunnett
Level 1
Level 1
In response to kcrane2

‎06-01-2015 07:29 AM

You are correct about the ASA being set as the default gateway on VLAN 1.

I will experiment with making a transit VLAN like VLAN 900.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card