	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.2

Forwarding VLAN Packets to virtual interfaces

Asked by geschmidtt in Network Design & Methodology, Cisco PIX Firewall, Wireless Local Area Network

Tags: Cisco, VLAN, Wireless

I am having a challenge that I am not sure the best way to solve:

I am replacing an aging PIX with a new ASA 5510. One thing I want to take advantage of is that the ASA supports virtual interfaces, which I would like to use to channel guest traffic on a wireless lan that I am setting up right now. The problem is I inherited a rather convoluted environment, which I am loathe to change at this point.

Here is the problem:

The PIX has an IP address of 10.10.0.253 255.255.0.0. It is directly plugged into a switch with trunking enabled. For what ever reason that switch has a IP of 10.10.11.7 255.255.0.0. This switch has no VLANs defined. This switch is part of a group of switches that manage the connections in our server room. One of those switches has the IP address of 10.10.0.1 255.255.0.0 and acts as the default gateway for the entire network. The PIX is not plugged into that switch.

We have a distribution switch which distributes 5 main VLANs to the 5 floors we use in the building. Its IP is 10.16.0.1 255.255.255.0. The VLAN model looks like this 10.16.0.1 for the 6th floor 10.17.0.1 for the 7th etc. There are guest vlans on each floor. 10.16.3.0 10.17.3.0 etc (for example). We call them VLAN 63, VLAN 73 etc.

On the new ASA I want the inside interface e0/0 to have in addition to the main network traffic VLAN 63, 73 etc. on virtual interfaces. So that switch would look something like this:
(Inside) E0/0 - 10.10.0.253 (VLAN63) E0/0.1 - 10.16.3.253. etc.

Here is the rub. It looks just plain trunking will not deliver the guest VLAN traffic to the ASA virtual interfaces. I think the ASA needs to be directly attached to the switch that has the VLANs attached, or I need to do some fancy stuff to make it work.

Diagram:

PIX Switch Dist. Switch VLAN63
[========]____________[========]____________[========]---<
10.10.0.253 10.10.11.7 10.16.0.1 VLAN73

I am not sure whether it make sense to plug the ASA into the "distribution" switch to make this happen, and if so what the various routing configurations would be, or if would even work at all.

View the Solution FREE for 30 Days

Related Solutions

Keywords: Forwarding VLAN Packets to virtual int…

	Title
1	External DNS resolving for internal IP's

Loading Advertisement...

20091021-EE-VQP-81 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. donjohnston104,501
2. Quori56,050
3. JFrederic...52,926
4. ikalmar45,125
5. mikebernh...40,058
6. kenboonejr39,945
7. harbor23536,350
8. lrmoore33,111
9. from_exp29,100
10. pwindell25,500
11. giltjr25,258
12. that1guy1523,900
13. uetian170723,428
14. bsohn41721,209
15. jodylemoine20,501
16. RobWill18,364
17. MikeKane18,100
18. Sniper98G16,500
19. leew16,450
20. Magim_IT16,400
21. KevinCov...16,325
22. rochey2...15,730
23. ksims112915,500
24. marmata7514,018
25. asavener13,450

1. donjohnston182,599
2. lrmoore173,115
3. JFrederic...114,776
4. mikebernh...97,598
5. from_exp88,852
6. Quori77,650
7. harbor23576,970
8. that1guy1562,202
9. kdearing57,561
10. RobWill56,114
11. giltjr49,632
12. ikalmar45,125
13. uetian170743,847
14. kenboonejr39,945
15. DevilWAH33,098
16. _jesper_32,925
17. leew31,718
18. bkepford27,700
19. pseudocy...26,059
20. pwindell25,500
21. tigermatt22,950
22. Chris-Dent22,485
23. MikeKane21,900
24. ebjers21,750
25. keith_ala...21,539

Forwarding VLAN Packets to virtual interfaces

Asked by geschmidtt in Network Design & Methodology, Cisco PIX Firewall, Wireless Local Area Network

Tags: Cisco, VLAN, Wireless

About this solution