Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
1
Replies

Trunk port on switch end and access on ASA cisco 5505 will it work.

amol
Level 1
Level 1

‎11-08-2017 10:44 AM - edited ‎02-21-2020 06:40 AM

Hi,

Uplink connected in switch and ASA. I want to configure trunk on switch end and access port in ASA will it work.

 

Regards

Amol

Labels:
0 Helpful
1 Reply 1

James Leinweber
Level 4
Level 4

‎11-27-2017 01:43 PM

No, both ends of the wire have to be either trunk (vlan tagged packets) or access (untagged packets with implicit vlan at switchport). On the ASA side the physical port is unconfigured and the various vlans are assigned to subinterfaces. This is orthagonal to ethernet port-channels, where once again the endpoints on switch and firewall have to agree, regardless of trunk versus access status.
An example switch and firewall config for a trunked port could look like:

switch:
interface Gi1/0/1
switchport trunk allowed vlan 1,10,30
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate

firewall:
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
no shutdown
interface GigabitEthernet0/0.10
vlan 10
nameif foo
security-level 10
ip address 192.0.2.1 255.255.255.0
ipv6 address 2001:db8:aaaa::1
interface GigabitEthernet0/0.20
vlan 20
nameif bar
security-level 20
ip address 198.51.100.1 255.255.255.0
ipv6 address 2001:db8:ffff::1
-- Jim Leinweber, WI State Lab of Hygiene



0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card