Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1513
Views
10
Helpful
4
Replies

Is It Possible to Create VLANS on the Switch and not on the ASA?

errMsg
Level 1
Level 1

‎04-07-2020 02:11 PM

I have a Cisco 5506-x (5 VLAN limit) and a Catalyst 2960-CG.  I want to create about 15 VLANS.  I was wondering if i could just create these on the Catalyst 2960-CG and not create them on the ASA or would I need to create them on both and have more VLAN capacity on the ASA?

4 Replies 4

Rob Ingram
VIP
VIP

‎04-07-2020 02:41 PM - edited ‎04-07-2020 02:49 PM

Hi,
VLANs do not need to be defined on the ASA, assuming the switch supports inter-vlan routing (which I believe the 2960CG does) you can configure the VLANs on the switch. The IP address assigned to each VLAN would be the default gateway for clients in each VLAN. The link between the switch and the ASA could be a dedicated VLAN on the switch, doesn't need to be trunked. You would require a static route on the switch for the default route (0.0.0.0/0.0.0.0) pointing to the ASA's inside IP address. The ASA would require static routes pointing to the switch for each of the VLAN networks. Or setup a dynamic routing protocol, only OSPF and RIP appear to be supported on that model.

HTH

0 Helpful

errMsg
Level 1
Level 1
In response to Rob Ingram

‎04-07-2020 08:03 PM

So I can just make a trunk port on the ASA, then make all the VLANS on the 2960CG trunk port connect a cable to it and it should work?  Im using ESXI to create the VM's that will use the VLANS.

0 Helpful

Rob Ingram
VIP
VIP
In response to errMsg

‎04-08-2020 03:03 AM

No, you don't need to trunk (you said the ASA doesn't support that many VLANs). Just create a routed link between the ASA and the switch, use static routes or run a routing protocol.

BrianSekleckiGE
Level 1
Level 1

‎04-08-2020 03:09 AM - edited ‎04-08-2020 03:11 AM

Cisco ASA doesn't support VTP, so I would recommend against using VLAN Switching function in the ASA integrated switch except as a last-resort option.

 

Good luck trying to maintain the VLAN database between your Layer2 catalyst switching fabric and your ASAs.

 

https://community.cisco.com/t5/switching/asa-5520-vtp-mode/td-p/1098591

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card