12-06-2016 08:31 AM - edited 03-08-2019 08:28 AM
Hello,
I'm setting up a small network for the office. This is my 2nd 5506-X. The first one was set up without much of a problem since I had an L3 switch handling all the traffic. This time I have a different setup with unmanaged switches for each VLAN.
The connectivity goes:
ISP gateway--> GE1/1 of 5506
GE1/2 of 5506--> Unmanaged switch for inside Data traffic
GE1/3 of 5506--> Unmanaged switch for inside Voice traffic
GE1/8 of 5506--> to Managed Access Point which supports VLANs
Configuration parameters:
Management VLAN 5 (Subnet: 192.168.5.254/24)
Data VLAN 10: (Subnet: 10.10.10.254/24)
Voice VLAN 20: (Subnet: 10.10.20.254/24)
Guest VLAN 30: (Subnet: 10.10.30.254/24) for guest Wi-Fi (Only Access points; no physical connectivity required for this vlan).
DHCP and DNS will be handled by ASA for each VLAN.
I want to configure the GE1/2 as Data VLAN, GE1/2 as Voice VLAN and GE1/8 as trunk.
I tried many things and read many things without any luck. I also found out that the ASA 5506-X doesn't have switchport capabilities. How can I make this work with the hardware I have?
Any help will be greatly appreciated.
Thanks
12-06-2016 09:31 AM
Hi,
As you already know, the new 5506-X series firewalls don't support switching/trunking capabilities.
Since you are using a physical interface per VLAN/subnet, your design should work. If you need to have multiple VLANs on one of the physical interfaces, you may want to try using sub-interfaces.
HTH
12-06-2016 10:02 AM
Hi Reza,
Thanks for the quick response.
If I use a physical interface per VLAN, yes, it will work. So I configured the physical interfaces as follows:
!
interface GigabitEthernet1/1
 description ISP (ComCast) connection
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 nameif Data
 security-level 100
 ip address 10.10.10.254 255.255.255.0
!
interface GigabitEthernet1/3
 nameif voice
 security-level 100
 ip address 10.10.20.254 255.255.255.0
!
dhcpd auto_config outside
!
dhcpd address 10.10.10.26-10.10.10.200 Data
dhcpd dns 75.75.75.75 8.8.8.8 interface Data
dhcpd enable Data
!
dhcpd address 10.10.20.26-10.10.20.200 voice
dhcpd dns 75.75.75.75 8.8.8.8 interface voice
dhcpd enable voice
!
object network obj_any
 nat (any,outside) dynamic interface
!
! the next two lines may not be needed
nat (Data,outside) after-auto source dynamic any interface
nat (voice,outside) after-auto source dynamic any interface
!
dns domain-lookup outside
dns server-group defaultdns
 name-server 75.75.75.75 outside
 name-server 8.8.8.8 outside
 domain-name drbh.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
Now, how can I configure the access point connected to physical interface G1/8 so that I can have access to all networks/VLANs (Data, Voice, Guest WiFi) over WiFi? It doesn't let me configure the sub-interfaces with the same names, as the names are already defined under the physical interfaces (GE1/2 & GE1/3), and where can I add a sub-interface for the Guest VLAN?
I'm very confused about the multiple VLANs and sub-interfaces. Please advise.
Thanks
12-06-2016 10:34 AM
Hi,
I am not sure what type of APs and wireless controller you have, but I was thinking that you connect the APs and the controller to a switch and then connect the switch to the firewall. Now, since you can't do VLANs on the firewall, I was thinking you can maybe create 2 sub-interfaces, say g1/8 is where the switch is connected and you need 2 subnets (say 10.10.50.0/24 for internal WiFi and 10.10.60.0/24 for guest WiFi). So, something like:
12-06-2016 11:03 AM
Hi,
Only one AP, so no controller is needed in this application. Also, the switches I have are unmanaged and can't do VLAN tagging, so the sub-interfaces won't work here. I will play with this and if it still doesn't work, I will connect the AP directly to the Data switch and have only the Data and guest networks configured, with L2 isolation on the AP.
Thank you very much.
Still open for help from anyone on this.
Thanks,
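
The sub-interface approach discussed in this thread, sketched as an added example that is not part of any poster's reply: GE1/8 carries two 802.1Q-tagged sub-interfaces for the directly attached, VLAN-capable AP, with guest Wi-Fi placed at a lower security level than Data and voice so that `same-security-traffic permit inter-interface` does not open the inside networks to guests. Assumptions: the `wifi-inside` and `guest` interface names, VLAN ID 50 for the internal SSID, security-level 10, and the DHCP ranges (constructed to mirror the ranges posted above).

```cisco
! Added example, not from the thread. Names, VLAN 50, security levels
! and DHCP ranges are assumptions; VLAN 30 / 10.10.30.254 and the
! 10.10.50.0/24 subnet are taken from the posts above.
!
! Physical port only carries tagged frames: no nameif, so untagged
! traffic arriving from the AP is not passed.
interface GigabitEthernet1/8
 description Trunk to VLAN-capable access point
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Internal Wi-Fi gets its own subnet because Data (10.10.10.0/24) is
! already bound to GE1/2 and cannot be assigned to a second interface.
interface GigabitEthernet1/8.50
 description Internal Wi-Fi SSID (AP tags VLAN 50)
 vlan 50
 nameif wifi-inside
 security-level 100
 ip address 10.10.50.254 255.255.255.0
!
! Guest sits below level 100: it can reach outside (level 0), but
! traffic toward Data, voice and wifi-inside is denied unless an
! access-list explicitly permits it.
interface GigabitEthernet1/8.30
 description Guest Wi-Fi SSID (AP tags VLAN 30)
 vlan 30
 nameif guest
 security-level 10
 ip address 10.10.30.254 255.255.255.0
!
dhcpd address 10.10.50.26-10.10.50.200 wifi-inside
dhcpd dns 75.75.75.75 8.8.8.8 interface wifi-inside
dhcpd enable wifi-inside
!
dhcpd address 10.10.30.26-10.10.30.200 guest
dhcpd dns 75.75.75.75 8.8.8.8 interface guest
dhcpd enable guest
```

The existing `nat (any,outside) dynamic interface` rule already covers both new interfaces. The AP must tag each SSID with the matching VLAN ID on its uplink for either sub-interface to see traffic.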