Keithburnham
asked on
How should I setup my switch attached to ASA 5510 to allow two VLANs in a trunk?
I have an ASA 5510 firewall and I have used all 4 ethernet ports for different subnets. I need to VLAN some traffic from my internal network and terminate it on the inside interface (ethernet/1) using a virtual interface with a VLAN (for example ethernet0/1.192).
I have setup a vlan of ID 192 on the ports I need on my switches (they are either cisco 3550 or 3560 switches) and created the virtual interface ethernet0/1.192 on my ASA with the correct security level. It has an IP address and I have enabled DHCP on that interface. I have proved that VLANs are trunking between switches by plugging devices into the ports on vlan 192 and pinging them successfully then trying to ping an internal IP after changing my IP to that subnet and correctly being unable to do so.
I think my problem lies at the switch port that connects to ethernet0/1. Currently it is set to an 802.1q trunk (like the rest of the switches) but I cannot gain an IP via DHCP or even force myself onto the subnet of the IP associated with the virtual interface ethernet0/1.192 to ping it.
My question is, how do I setup my switch port (or ASA port, if that's where the problem lies) to allow the VLAN to hit the virtual interface? I'm at a total loss and seem to have hit a wall of knowledge. Thanks in advance.
Jon.
I have setup a vlan of ID 192 on the ports I need on my switches (they are either cisco 3550 or 3560 switches) and created the virtual interface ethernet0/1.192 on my ASA with the correct security level. It has an IP address and I have enabled DHCP on that interface. I have proved that VLANs are trunking between switches by plugging devices into the ports on vlan 192 and pinging them successfully then trying to ping an internal IP after changing my IP to that subnet and correctly being unable to do so.
I think my problem lies at the switch port that connects to ethernet0/1. Currently it is set to an 802.1q trunk (like the rest of the switches) but I cannot gain an IP via DHCP or even force myself onto the subnet of the IP associated with the virtual interface ethernet0/1.192 to ping it.
My question is, how do I setup my switch port (or ASA port, if that's where the problem lies) to allow the VLAN to hit the virtual interface? I'm at a total loss and seem to have hit a wall of knowledge. Thanks in advance.
Jon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The answer was correct but I had already set all of these settings in my configs. It did however lead me to then add VLAN 192 to the switch.
ASKER