10-03-2012 09:29 AM
Hello All,
I saw a post in routerdiscussions.com that was close to what I need to do. But this site seems a better place
to ask a question.
We need to install a second switch (SF300-24P) to an existing network with an SF300 48P and an ASA5500 for gateway/firewall etc.
the network on the 48p switch is 192.168.1.xx. We want to use the new switch for ip cameras and 192.168.2.xx.
I will assume I need to set up a vlan on the 24 port switch for the 192.168.2.xx ip range, i will call this vlan20. I will guess that I need to pick
a port from the 48p switch and create vlan20 on the 48p switch to access the 24p switch. I want users on the 192.168.1.xx network to
be able to access cameras on the 192.168.2.xx network. Do I need to add a line in the asa config file for the new switch?
thanks,
Eric
Group Olvier
10-03-2012 10:23 AM
Hi Eric, the first consideration is what license your ASA has. If it's only a basic license, it will support one inbound vlan and 1 outbound vlan, which you won't be able to do anything with.
As far as the switch configs go, the only thing you'll need to concern yourself with is creating the 2nd vlan then making the uplink ports 1u, 2t and any port you want a camera to connect to as 2u.
The rest of the config will be on the ASA and/or DCHP server.
-Tom
Please rate helpful posts
10-03-2012 03:25 PM
Hello Thomas,
I checked the config file on the ASA looks like there is a license for 3 vlans. But, there is a vlan1 (192.168.1.xx)
the "default" vlan, and there is a vlan2 for the outside ip, does this mean we have only 1 left?
One more question - I just discovered that they want to have an additional outside ip address for the cameras. Would
this just be a matter of routing or do we need a vlan to support the additional outside ip on the ASA. Do we also need to
add one more vlan on the asa for the new 192.168.2.xx range which will be established on the second switch?
Thanks again,
Eric
10-03-2012 03:41 PM
Eric, to view an IP camera over the internet, typically you configure the camera with an alternate http port such as 1024, then create a port forwarding rule on the router. To access the camera you would use http://wanipaddress:1024 as example.
If you want a separate WAN address to the cameras, a lot of times this is represented through an IP alias or a form of one to one NAT. I am not familiar enough with the ASA to give the command output or a correct answer (I support the SX300 switches only).
-Tom
Please rate helpful posts
10-03-2012 03:49 PM
Hello Tom,
Thanks for the info. This is helpful. I have done some checking as far as the ASA is concerned and we
might be ok. I will keep the port info in mide.
Eric
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide