trojan81

Span a vlan across an ASA

Hi experts,

I need to bridge a VLAN to another switch. In between these two switches is an ASA.

Switch1 ---> (gi1/0) ASA (gi1/1)----> Switch2

Switch1 has a routed /30 connection to the ASA on gi1/0.
The connection between the ASA to Switch2 is a trunk with existing subinterfaces.

I want to span our management Vlan5 from switch 1 to switch 2.

Let me know if I am wrong:

#1) Run another connection from switch1 to the ASA and make this a trunk connection. On the ASA side it will look like:

interface GigabitEthernet1/2
 description Bridge_VLAN5
 no shutdown
 no nameif
 no security-level
 no ip address

interface GigabitEthernet1/2.5
 description Bridge for Vlan5
 vlan 5
 no nameif
 no security-level
 no ip address


#2) Add a subinterface on Gi1/1 for Vlan5:

interface GigabitEthernet1/1.5
 description Bridge for Vlan5
 vlan 5
 no nameif
 no security-level
 no ip address


The switch side will have an SVI for VLAN 5 and the physical ports will be switchport access VLAN 5.

Does this sound doable?


ASKER CERTIFIED SOLUTION
Jacob Kellemann

trojan81

ASKER

Kellemann, thank you. I suppose I was just trying to get cute with the ASA.

I can certainly connect the two switches together.
Both switches have an SVI of VLAN 5. When I connect the two switches together, would it work to just have them in switchport mode access or does it have to be a trunk? Only Vlan5 will go through this.
It will work just fine with access ports; just make sure both are in VLAN 5.

Does this sound doable?

Of course! You are creating an 802.1q trunk between the ASA and Switch and this is supported.


Source:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006


Billy