Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
0
Helpful
3
Replies

V-Lans

nikuhappy2010
Level 1
Level 1

‎01-24-2009 10:35 AM - edited ‎03-11-2019 07:41 AM

Hi, I have to setup new V-lans department wise in our office. In current scenario, we have unmanaged switch which is connected with ASA 5505 FW where V-LAN 100 (NOC) is created and IP address of Inside Interface NOC V-lan is 192.168.12.1 which is a gateway set on client machines and Servers. This Network is connected with Remote sites via STS Tunnel. Now we want to make a new V-lans on new L2 switch and put the access list according to rights of users.

Here, I am bit confused about understanding new V-Lans structure. I want that the IT department and the Servers are remained in the NOC V-lan but would like to make seperate V-Lans for DEV and QA Team. I have created three following V-lans on L2 switch:

1) Vlan 100 NOC Port assigned eth 1-4

2) Vlan 200 DEV Port assigned eth 5-8

3) Vlan 300 QA Port assigned eth 9-12

Now I want to connect ASA Inside NOC Vlan 100 with the port 1 L2 switch where already same V-lan created but when I connect switch and FW and connect my laptop on port 2 of L2 switch then I am not able to ping the Inside Interface IP 192.168.12.1. Not able to underst

and where I am wrong. Second, I want to make a Trunk port on L2 switch on port 14 and connect with FW port 8 which is not a member of V-lan and want to do all settings on FW Trunk port like nattig, access list or etc. Please advice your suggestions in this regard. Can you please recommend how many network design I can use, Pl suggest as well if possible.

Thanks

Vinay Gupta

Labels:
0 Helpful
3 Replies 3

hunnetvl01
Level 1
Level 1

‎01-24-2009 10:58 AM

Vinay,

Paste the ASA and switch config.

I suppose the Vlans on teh fw are named the same as the vlan on the switch and u connect vlan 100 on switch with an interface assigned Vlan 100 on the fw.

Regards,

Vlad

0 Helpful

nikuhappy2010
Level 1
Level 1
In response to hunnetvl01

‎01-24-2009 06:43 PM

yes, you are right....then should it not be start the communication between switch and FW by creating same VLan name and ID.

0 Helpful

hunnetvl01
Level 1
Level 1
In response to nikuhappy2010

‎01-25-2009 02:24 AM

Vinay,

Assuming you have this:

Fw:

vlan100

Int vl 100

Ip address 192.168.12.1

Int eth 0/1

nameif Inside

switchport access vl100

no shut

Switchport connected to fw's inside:

Switchport access vl100

switchport mode access

no shut

This should work , assuming there is no ACL which denies the traffic/icmp packets.

Vlad

Vinay ,

A small corection, sorry!

The fw should be like this not what I previously posted:

vlan100

Int vl 100

Nameif Inside

Ip address 192.168.12.1

Int eth 0/1

switchport access vl100

no shut

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card