Beginner

ASA 5510 VLANS

So currently I have an ASA that's connected to my ISR, which is connected to the switch. I would like to remove the ISR completely and just use the firewall attached to the switch, but I cannot figure out where I can configure VLANs on my ASA 5510 firewall.

Currently, if I go under the subinterfaces for the ports, all I see is to nameif (vlan), but that's all. No switchport, nothing anywhere that I can see for me to configure the ports for either access or trunk. What would the commands be and what am I missing here?

6 REPLIES
VIP Mentor

Re: ASA 5510 VLANS

Hello,

 

Do subinterfaces work?

 

interface Ethernet0/0.10
vlan 10
nameif VLAN10

Beginner

Re: ASA 5510 VLANS

Yes, subinterfaces do work. I have them all configured with the proper addresses and names.

VIP Mentor

Re: ASA 5510 VLANS

Hello,

 

So the 'vlan' command is not available? I seem to remember that you need the Security Plus license in order to support VLAN trunks. Can you check which version you have installed (sh lic)?

 

interface Ethernet0/0.10
vlan 10
nameif VLAN10

Hall of Fame Master

Re: ASA 5510 VLANS

I think we need to be very careful about the question that the original poster is asking. I think the answers so far are good answers to a slightly different question than what the original post is about. I am focusing especially on this part of the original post: "No switchport, nothing anywhere that I can see for me to configure the ports for either access or trunk". And the answer to that question is that there are not any switch ports on the 5510 and so there are no commands to set as access or trunk. On the 5505 there are switch ports. But on the 5510 every port is a routed port. If you configure the physical interface it is a routed port and there is no possibility of access or trunk. If you configure a subinterface it automatically treats the interface as a trunk and there is no possibility of access.

 

 

HTH

Rick
Beginner

Re: ASA 5510 VLANS

My security license is active and I have the latest version on my firewall. Even though my subinterfaces are configured and the switch is configured as a trunk feeding those ports, for some reason traffic won't pass through. Now, I can make it all work of course if I have an ISR between the firewall and switch along with having NAT configured, but otherwise it won't work. The outside interface is configured for "ip address dhcp setroute", then the subinterfaces are configured. Should I use NAT for those subinterface networks or am I going to statically configure the routing table to go to the outside interface for those VLANs?

Hall of Fame Master

Re: ASA 5510 VLANS

Yes you should use NAT for those subinterfaces.

HTH

Rick
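
The setup the thread converges on, as an added example that is not part of any reply above and not the poster's actual configuration: the physical port carries the trunk with no name or address of its own, each subinterface is a routed VLAN gateway, and each VLAN network is translated to the outside interface address. It assumes ASA software 8.3 or later (object NAT syntax) and that Ethernet0/1 is the outside port; the VLAN 20 subinterface, all addresses and the object names are constructed for illustration.

```cisco
! Trunk side: the physical port only has to be up.
! It gets no nameif and no IP address; the subinterfaces do the routing.
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN. The "vlan" command sets the 802.1Q tag,
! which is what makes the port behave as a trunk (there is no switchport mode).
interface Ethernet0/0.10
 vlan 10
 nameif VLAN10
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Constructed second VLAN, same pattern.
interface Ethernet0/0.20
 vlan 20
 nameif VLAN20
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
! Outside port (assumed to be Ethernet0/1). "setroute" installs the
! default route learned from DHCP, so no static default is needed.
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address dhcp setroute
 no shutdown
!
! Dynamic PAT: hide each VLAN network behind the outside interface address.
! Without this, upstream devices have no route back to the private subnets.
object network VLAN10-NET
 subnet 192.168.10.0 255.255.255.0
 nat (VLAN10,outside) dynamic interface
!
object network VLAN20-NET
 subnet 192.168.20.0 255.255.255.0
 nat (VLAN20,outside) dynamic interface
```

The switch port facing Ethernet0/0 must be an 802.1Q trunk carrying VLANs 10 and 20; `show nat` and `show xlate` on the ASA confirm that translations are being built.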