Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
0
Helpful
2
Replies

i will implement cisco asa 5515x on my 3750x and 2960s

Neetu Bhushan
Level 1
Level 1

‎04-23-2013 11:24 AM - edited ‎03-04-2019 07:42 PM

hi all

i will be implementing a new firewall (cisco asa 5515x) on my existing 3750x (server switches) and my 2960s (user switches).  I need advises on what should I need to apply on my firewall and swtiches to make the implementation successfull.  I will put my 3750x as my DMZ and my 2960s as my inside.  The 3750x have multiple subnet and also the 2960s.

which features and technologies i need to know on those 3 products.  my 3750x and 2960s don't have any ACL defined and most common features are vlan, switchport, trunking, spanning-tree, stacking, vtp.

how my asa knows that my 3750x/2960s have multiple vlans.  my current connection right now on 3750x and 2960s is just through 6 ports i assigned as one trunk, below is my config

SW3750Stack#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

SW2960Stack..com

                 Gig 2/0/24        159              S I   WS-C2960S Gig 3/0/48

SW2960Stack..com

                 Gig 2/0/2         157              S I   WS-C2960S Gig 1/0/12

SW2960Stack..com

                 Gig 1/0/24        159              S I   WS-C2960S Gig 3/0/47

SW2960Stack..com

                 Gig 1/0/23        159              S I   WS-C2960S Gig 2/0/47

SW2960Stack..com

                 Gig 1/0/2         157              S I   WS-C2960S Gig 1/0/11

SW2960Stack..com

                 Gig 2/0/23        159              S I   WS-C2960S Gig 2/0/48

SW3750Stack#

one example 3750x port config,

SW3750Stack#sh run int Gig 2/0/24

interface GigabitEthernet2/0/24

description Connection to SW G3/0/48

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 100,110,130,150

switchport mode trunk

switchport nonegotiate

power inline never

channel-group 2 mode active

end

one example of 2960x port config,

SW2960Stack#sh run int Gig 3/0/48

interface GigabitEthernet3/0/48

description Connection to  G2/0/24

switchport trunk allowed vlan 100,110,130,150

switchport mode trunk

switchport nonegotiate

power inline never

channel-group 2 mode active

end

my 2960s vlans are almost the same with my 3750x except vlan 160, 170, 192.  but of course when i put this in asa, i have to segragate vlan for 3750x (192, 100, 110,160, 170) and 2960s (130, 150).  for my 2960s connection to the asa and since this will have big bandwidth, i will use 3 ports on my asa (and trunk it) connecting to my 2960s and i will use 2 ports on my asa (and trunk it) connecting to my 3750x.  the one internet ports and my one management ports on my asa will stay like that.

thanks for any comment you may add.

Labels:
0 Helpful
2 Replies 2

Neetu Bhushan
Level 1
Level 1

‎04-24-2013 08:33 PM

i found a topic on google regarding turning ip routing between asa and router, see below command

router ospf 1

  router-id 10.4.4.4

  log-adjacency-changes

  redistribute eigrp 100 subnets

  network 192.168.1.0 0.0.0.255 area 0

just not sure if this is relevant to 3750x and 2960s, i guess i have to call support...

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎04-25-2013 04:03 PM

Duplicate post.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card