I have a switched/Flat network with mostly HP procurve 1920-48G switches that support 802.1 p/q VLAN tagging. We are in the process of redesigning the network to a more secure, less noisy, and better manageable network. Hello VLANs!
We have an ASA 5505 firewall laying around not in use. It supports 802.1q VLAN tagging so I know that it will work with the HP switches.
Can I use the ASA 5505 for my vlan routing or would I need to purchase a router? If so, then which model would you recommend?
side note: the network is small (180 users and 15 servers) and non of the network devices (switches and firewalls) are Cisco devices.
Please let k\me know if you need more information.
With basic license, the 5505 supports 3 vlans. If you have security plus license that number is 20.
If you have the funding, you can use 2911 router instead.
Doing router-on-a-stick can present a scalability issue whether you're using an ASA or a router. In this case, the 5505 may limit your number of VLANs (depending on its license) and is only going to give you 100Mb of aggregate Ethernet connectivity for all of your inter-VLAN routing if you use 802.1q. You can increase that if you run each of your VLANs to a dedicated switch port on the 5505, but it's still going to be something of a bottleneck.
The HP ProCurve 1920 unit will do layer 3 switching and static routing, which will route between your VLANs using its switching backplane at much higher speeds. I would look at that first.
Hi Alex, I think you could use the ASA 5505, but certain considerations must be thought through like licenses, number of vlans and what kind of performance are you looking for in a "router".
Here's more information: http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-701253.html?mdfid=280582808
If these are not up to scratch, then please consider a router
HP Procurve may have the capability of inter-vlan routing too.
Layer 3 routing • Static IPv4/IPv6 routing Provides basic routing (supporting up to 32 static routes and 8 virtual VLAN interfaces); allows manual routing configuration