Span a vlan across an ASA

trojan81
trojan81 used Ask the Experts™
on
Hi experts,

I need to bridge a VLAN to another switch. In between these two switches is an ASA.

Switch1 ---> (gi1/0) ASA (gi1/1)----> Switch2

Switch1 has a routed /30 connection to the ASA on gi1/0.
The connection between the ASA to Switch2 is a trunk with existing subinterfaces.

I want to span our management Vlan5 from switch 1 to switch 2.

Let me know if I am wrong:

#1) Run another connection from switch1 to the ASA and make this a trunk connection. On the ASA side it will look like:

interface GigabitEthernet1/2
 description Bridge_VLAN5
 no shutdown
 no nameif
 no security-level
 no ip address

interface GigabitEthernet1/2.5
 description Bridge for Vlan5
 vlan 5
 no nameif
 no security-level
 no ip address


#2. Add a subinterface on Gi1/1 for Vlan5

interface GigabitEthernet1/1.5
 description Bridge for Vlan5
 vlan 5
 no nameif
 no security-level
 no ip address


The switch side will have an SVI for VLAN 5 and the physical ports will be switchport access VLAN 5.

Does this sound doable?


Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sorry, the ASA doesn't work like that. It will produce an error if you try and put the same VLAN tag on two different ports.
Is it because of cabling limitations you want to do it this way? The easy way would just be to connect the two switches directly, either with access ports on VLAN5 or with a filtered trunk.

Author

Commented:
Kellemann, thank you. I suppose I was just trying to get cute with the ASA.

I can certainly connect the two switches together.
Both switches have an SVI of VLAN 5. When I connect the two switches together, would it work to just have them in switchport mode access or does it have to be a trunk? Only Vlan5 will go through this.
It will work just fine with access ports, just make sure both are in vlan 5.
Top Expert 2010

Commented:

Does this sound doable?

of course! You are creating a 802.1q trunk between the ASA and Switch and this is supported.


Source:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006


Billy

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial