Solved: Unable to Create V-LAN

ray_stone · ‎05-12-2011

Hello Experts,

I have ASA 5510 firewall box that needs to be configured from the scratch where-on the old start config has been removed and now when i create V-LAN then it's not making.

Even the rest conf has been done successfully w/o problem. When i try to add a V LAN 100 to outside interface then it doesn't work. Also, please suggest the command to see where the start-up config is placed.

It has security+ license configured.

What could be the issue, pls. suggest.

joerggrau · ‎05-12-2011

You are trying to use switch commands. In order to create VLAN interface on the ASA you need to first create a natvie interface IP and then subinterfaces for the VLANs. Here is an example:

interface GigabitEthernet0/0
description Dummy Interface so it an be VLANed.
nameif Native0_0
security-level 0
ip address 10.1.1.1 255.255.255.252 standby 10.1.1.2
!
interface GigabitEthernet0/0.1
description VLAN example

vlan 199
nameif BLABLA
security-level 40
ip address 10.2.1.100 255.255.255.0 standby 10.2.1.101

Now you have an interface with VLAN 199...

Make sure the switchport it is connected to is a trunk port that allows 199 as an allowed VLAN.

Hope that helps.

Joerg

View solution in original post

varrao · ‎05-12-2011

Hi,

Could you plz provide the following details:

show run interface

show switch vlan

show int ip brief

Thsi would be helpful in identifying where you are missing.

Thanks,

Varun

Thanks,
Varun Rao

varrao · ‎05-12-2011

Here is an example.

Int vlan 10

ip address 10.10.10.10 255.255.255.0

nameif outside

no shutdown

int ethernet 0/2

switchport access vlan 10

I guess this is what you'll need.

Here is a doc:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html

Thanks,

Varun

Thanks,
Varun Rao

ray_stone · ‎05-12-2011

Yes Varun, I have also used the suggested commands to determine the problem but the info is being shown w/o V-LAN info and that's a problem which we need to resolve.

varrao · ‎05-12-2011

Ray,

Well if that is the case then I would definitely like to have a look on at least the outputs that I requested alongwith "show version". The best would be if you could provide "show run" output. To check the startup config the comand is "show start" or this file is saved on the firewall in the flash. Do "show flash" it should show the file by the name startup.

I'll be waiting for your reply.

Thanks,

Varun

Thanks,
Varun Rao

joerggrau · ‎05-12-2011

You are trying to use switch commands. In order to create VLAN interface on the ASA you need to first create a natvie interface IP and then subinterfaces for the VLANs. Here is an example:

interface GigabitEthernet0/0
description Dummy Interface so it an be VLANed.
nameif Native0_0
security-level 0
ip address 10.1.1.1 255.255.255.252 standby 10.1.1.2
!
interface GigabitEthernet0/0.1
description VLAN example

vlan 199
nameif BLABLA
security-level 40
ip address 10.2.1.100 255.255.255.0 standby 10.2.1.101

Now you have an interface with VLAN 199...

Make sure the switchport it is connected to is a trunk port that allows 199 as an allowed VLAN.

Hope that helps.

Joerg

ray_stone · ‎05-12-2011

Thanks Joerg!

I really appreciate your help as it is very useful info that you ar given. I was very much confused in this as we can make V-LANS of Cisco ASA 5505 model and it's a first time I am configuring the ASA 5510.

Can you please suggest as to why we can't allocate a VLAN ID to any individual interface rather than making sub interfaces and make a part of V-LAN.

Thanks!