Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2929
Views
7
Helpful
4
Replies

configure vlan(s) on SF300 switches

eholz1eholz1
Level 1
Level 1

‎10-03-2012 09:29 AM

Hello All,

I saw a post in routerdiscussions.com that was close to what I need to do.  But this site seems a better place

to ask a question.

We need to install a second switch (SF300-24P) to an existing network with an SF300 48P and an ASA5500 for gateway/firewall etc.

the network on the 48p switch is 192.168.1.xx.  We want to use the new switch for ip cameras and 192.168.2.xx.

I will assume I need to set up a vlan on the 24 port switch for the 192.168.2.xx ip range, i will call this vlan20.  I will guess that I need to pick

a port from the 48p switch and create  vlan20 on the 48p switch to access the 24p switch.  I want users on the 192.168.1.xx network to

be able to access cameras on the 192.168.2.xx network.  Do I need to add a line in the asa config file for the new switch?

thanks,

Eric

Group Olvier

Labels:
0 Helpful
4 Replies 4

Tom Watts
VIP Alumni
VIP Alumni

‎10-03-2012 10:23 AM

Hi Eric, the first consideration is what license your ASA has. If it's only a basic license, it will support one inbound vlan and 1 outbound vlan, which you won't be able to do anything with.

As far as the switch configs go, the only thing you'll need to concern yourself with is creating the 2nd vlan then making the uplink ports 1u, 2t and any port you want a camera to connect to as 2u.

The rest of the config will be on the ASA and/or DCHP server.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

eholz1eholz1
Level 1
Level 1
In response to Tom Watts

‎10-03-2012 03:25 PM

Hello Thomas,

I checked the config file on the ASA looks like there is a license for 3 vlans.  But, there is a vlan1 (192.168.1.xx)

the "default" vlan, and there is a vlan2 for the outside ip, does this mean we have only 1 left? 

One more question - I just discovered that they want to have an additional outside ip address for the cameras.  Would

this just be a matter of routing or do we need a vlan to support the additional outside ip on the ASA.  Do we also need to

add one more vlan on the asa for the new 192.168.2.xx range which will be established on the second switch?

Thanks again,

Eric

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to eholz1eholz1

‎10-03-2012 03:41 PM

Eric, to view an IP camera over the internet, typically you configure the camera with an alternate http port such as 1024, then create a port forwarding rule on the router. To access the camera you would use http://wanipaddress:1024 as example.

If you want a separate WAN address to the cameras, a lot of times this is represented through an IP alias or a form of one to one NAT. I am not familiar enough with the ASA to give the command output or a correct answer (I support the SX300 switches only).

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

eholz1eholz1
Level 1
Level 1
In response to Tom Watts

‎10-03-2012 03:49 PM

Hello Tom,

Thanks for the info.  This is helpful.  I have done some checking as far as the ASA is concerned and we

might be ok.  I will keep the port info in mide.

Eric

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents