05-30-2023 08:11 AM
should i apply my subinterface for each vlan on the firewall G1/3 or the right router (SG) ? really confuse how i should allow each vlan to access the web user located at the top (200.1.1.0/24 subnet)
05-30-2023 08:22 AM
Hi
Why do you need subinterface?
05-31-2023 05:42 AM
i was instructed to do VLANs separation for each department
05-31-2023 05:59 AM
On this case you can put it on the Layer3 switch. You can create 4 vlans , create interface vlans and put each access switch in one vlan.
You dont need subinterfaces. Just create vlans, then interface vlan and assign IP to it.
05-31-2023 08:19 AM
but i thought i need inter vlan routing or svi for each department to talk to one another?
05-31-2023 08:28 AM
You do, but you can do it all on the Layer3 switch. The ASA on PacketTracer does not support subinterface.
If you prefer, attach your project here and I can help you. You just need to zip the file before attach.
05-31-2023 08:38 AM
Access Control Lists
1. Only HR and Finance Departments can communicate with each other. No one else can ping the Finance Department.
2. eBGP to dual home to 2 ISPs, two routers at the top right . both web user should be able to access the web server .
can't seem to figure out how i should design this parts. especially the vlans part . you can take a look at my pkt file here
05-31-2023 10:09 AM
Hi @tyr668
Take a look on this file. As per your description, blocked access to vlan finance and both web user is able to access the http server
06-02-2023 03:50 AM
hi , i've just checked but it seems like all the finance departments aren't able to route to the Internet? seems stuck at the Layer 3 switch.
06-02-2023 04:29 AM
Hi @tyr668
I though only web users would access the internet. But the solution is pretty simple in case you want to try
on the firewall, add the following route
route inside 10.10.0.128 255.255.255.240 10.10.1.22
I tested here and it works. I am attaching the file with the fix
05-30-2023 08:33 AM
Hello,
It depends.
A bit more details would help to provide a more accurate answer.
Cheers,
Eugene
05-31-2023 05:43 AM
let's say if i were to have VLANs . VLANs is a must , how should i configure it ? can't seem to input sub interface on 5506 for cisco packet tracer
05-31-2023 06:10 AM
Hi,
to answer Your question more precise I need the config of the interface of Fa 0/5 of the switch.
But generally speaking, bellow I bring a example of how to configure subinterfaces on ASA 5506:
ASA#configure terminal
ASA(config)#interface GigabitEthernet1/3.10
ASA(config-if)#vlan 10
ASA(config-if)#nameif some-name
ASA(config-if)#security-level 95
ASA(config-if)#ip address x.x.x.x y.y.y.y
05-30-2023 08:39 AM
Hello @tyr668,
As @Flavio Miranda said why sub interfaces?
Just have to configure SVI for each vlan on your first L3 equipement after your L2 switch access.
05-31-2023 05:45 AM
if i were to create a SVI , do i need ospf routing protocol to distribute each vlan to the transfer net (10.10.1.20/30)?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide