asked on

How would you create a vlan on a cisco catalyst 3500 connect to Cisco asa 5500.

How would you create a vlan on a cisco catalyst 3550 switch connect to Cisco asa 5500 firewall.

ASKER CERTIFIED SOLUTION

jordanrog

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

henjohn1520

ASKER

What changes would need to be done on the asa 5500 firewall? Would I have to create a vlan to match the new vlan on the switch? Let me explain how the Cisco 3550 switch is connected to the Cisco ASA 5500 firewall.

Port 0/23 on the Cisco 3550 switch is connected to port 0/1 on the Cisco ASA 5500 firewall. Port 0/23 is in the Cisco 3550s default vlan 1 and its set to switchport mode dynamic desirable. Port 0/1 is in the Cisco ASA 5500s vlan1. What would be the first step?

Les Moore

You would create a trunk port between the switch and the ASA
On the switch:
interface fast 0/23
switch trunk encap dot1q
switch mode trunk

Then, define a VLAN on the switch:
vlan 123
exit
Then, assign an interface to this vlan
interface fast 0/xx
switch access vlan123

On the ASA, create a sub-interface for the new vlan, with vlan ID
interface Ethernet 0/0.123
vlan 123
nameif vlan123
security-level 100
ip address 192.168.123.1 255.255.255.0

henjohn1520

ASKER

Would anything need to be done to allow computers on the new vlan to access the internet.

henjohn1520

ASKER

I am unble to create a sub-interface with my cisco asa 5505. I followed the commands that you provided, but I was unable to.

Les Moore

Ah.. 5505 is a little different
Here's a good piece from our friend batry_boy
https://www.experts-exchange.com/questions/22456080/configuring-ASA-5505-4-VLANs.html