Beginner

Is It Possible to Create VLANS on the Switch and not on the ASA?

I have a Cisco 5506-X (5 VLAN limit) and a Catalyst 2960-CG. I want to create about 15 VLANs. I was wondering if I could just create these on the Catalyst 2960-CG and not create them on the ASA, or would I need to create them on both and have more VLAN capacity on the ASA?

4 REPLIES
VIP Advisor

Re: Is It Possible to Create VLANS on the Switch and not on the ASA?

Hi,
VLANs do not need to be defined on the ASA. Assuming the switch supports inter-VLAN routing (which I believe the 2960CG does), you can configure the VLANs on the switch. The IP address assigned to each VLAN would be the default gateway for clients in each VLAN. The link between the switch and the ASA could be a dedicated VLAN on the switch; it doesn't need to be trunked. You would require a static route on the switch for the default route (0.0.0.0/0.0.0.0) pointing to the ASA's inside IP address. The ASA would require static routes pointing to the switch for each of the VLAN networks. Or set up a dynamic routing protocol; only OSPF and RIP appear to be supported on that model.

HTH

Beginner

Re: Is It Possible to Create VLANS on the Switch and not on the ASA?

So I can just make a trunk port on the ASA, then make all the VLANs on the 2960CG trunk port, connect a cable to it, and it should work? I'm using ESXi to create the VMs that will use the VLANs.

VIP Advisor

Re: Is It Possible to Create VLANS on the Switch and not on the ASA?

No, you don't need to trunk (you said the ASA doesn't support that many VLANs). Just create a routed link between the ASA and the switch, use static routes or run a routing protocol.


Re: Is It Possible to Create VLANS on the Switch and not on the ASA?

Cisco ASA doesn't support VTP, so I would recommend against using the VLAN switching function in the ASA integrated switch except as a last-resort option.

Good luck trying to maintain the VLAN database between your Layer 2 Catalyst switching fabric and your ASAs.

https://community.cisco.com/t5/switching/asa-5520-vtp-mode/td-p/1098591