Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
2
Replies

Firewall: Multiple interfaces in diferent VLAN vs multiple redundant with VLAN tagging

joseluis.pedrosa
Level 1
Level 1

‎05-19-2011 02:35 AM - edited ‎03-06-2019 05:08 PM

Hi all!

I'd like to know de pros and cons of these two aproaches for setting interfaces in an  ASA:

Premises:

There are four different VLAN that must be connected to firewall.

Firewall has 4 physical Interfaces (as default in 5510)

option 1)

               Define 4 interfaces each one in each VLAN.

option 2)
               Define 4 Vlan interfaces using 802.1q encapsulation on a physical interface and use other  interface as redundant.

** Bandwith in the trunked port is not critical here.

Thanks

Labels:
0 Helpful
2 Replies 2

Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎05-19-2011 02:55 AM

Hi,

   I'd go for option(2) because you can use redundant interface features on ASA and also redundant VLANs because of trunk ports.  Actually If I can go for option3 , I will.

Option 3) , Upgrade OS 8.4 (Check Hardware first) on ASA and use "Etherchannel Features" on trunk ports.

HTH,

Toshi

0 Helpful

Florin Barhala
Level 6
Level 6

‎05-19-2011 02:59 AM

It's a matter of redundancy and available ports. If you require 1st one, you will use one port for each vlan; if you will expand later your network it is more scalable to have those Vlans bundled under one port.

I would stick to a middle solution: one interface for Internet, one interface for Lan, one interface for DMZ, one interface bundled with the rest of existing VLANs.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card