Stuck with SG500X, vSphere 5.5, ASA 5505 and VLAN config

Claus Pfleger


I have two C220M3 here running vSphere 5.5U1 (ESXi plus vCenter 5.5U1). 
I'm only using the two onboard NICs (CIMC NIC is used only for management, nothing else). 
So far my plan was to use the first onboard NIC for 

- VM Network (Host Management, no VLAN) 
- DMZ (VM LAN, VLAN 12 is set in VMware) 
- DMZ2 (VM LAN, VLAN 22 is set in VMware) 

The second onboard NIC is used for iSCSI traffic only (to a NetApp 2040 and other storages). 
Here there is no tagging by VMware and the storages, so I put the ports (where the hosts and storages are connected to) into Access Mode and placed them into VLAN 8.
This works - but that's the easy part. 


The ASA is using VLAN 12 for DMZ and VLAN 22 for DMZ2 (switchport mode of the ASA ports is Access). 
Port 3 of the ASA is connected to the SG500x (stack with a SG500, layer 2 mode, 4 queues; necessary VLANs are defined) - but obviously I'm not man enough to configure VLANs on the ports right to get traffic from the VMware to the ASA and out of there. 

I was thinking that the first onboard port of the host (VM Network, INTRANET, DMZ, DMZ2) connected to the SG500x needs to be 

- in trunk mode 
- VLAN 1 as untagged (covering VM Network and INTRANET) and 
- VLAN12 and VLAN 22 as tagged VLANs (1UP, 12T, 22T in the web UI, switchport trunk allowed vlan add 12,22 in IOS/CLI) 

while the port where the ASA is connected to the switch (here just DMZ2 -> VLAN22; DMZ with VLAN12 is an own switchport on the ASA) needs to be 
- in Access mode 
- VLAN22 tagged (22UP; switchport mode access + switchport access vlan 22) 


I was unable to connect to the ASA and beyond (FW rules are ok to get outside, interface on the ASA is up).

I was also trying other settings for the port where the ASA is connected like 

trunk with 1UP and 22T (switchport trunk allowed vlan add 22)
trunk with PVID22 (switchport trunk native vlan 22) 

without positive results. 


Any recommendations for me?



Claus Pfleger

Great support, thx Cisco for nothing ...
