trojan81 asked:

Span a vlan across an ASA

Hi experts,

I need to bridge a VLAN to another switch. In between these two switches is an ASA.

Switch1 ---> (gi1/0) ASA (gi1/1)----> Switch2

Switch1 has a routed /30 connection to the ASA on gi1/0.
The connection between the ASA to Switch2 is a trunk with existing subinterfaces.

I want to span our management Vlan5 from switch 1 to switch 2.

Let me know if I am wrong:

#1) Run another connection from switch1 to the ASA and make this a trunk connection. On the ASA side it will look like:

interface GigabitEthernet1/2
 description Bridge_VLAN5
 no shutdown
 no nameif
 no security-level
 no ip address

interface GigabitEthernet1/2.5
 description Bridge for Vlan5
 vlan 5
 no nameif
 no security-level
 no ip address


#2) Add a subinterface on Gi1/1 for Vlan5

interface GigabitEthernet1/1.5
 description Bridge for Vlan5
 vlan 5
 no nameif
 no security-level
 no ip address


The switch side will have an SVI for VLAN 5 and the physical ports will be switchport access VLAN 5.

Does this sound doable?


Cisco

Last Comment
rfc1180

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Jacob Kellemann

trojan81

ASKER
Kellemann, thank you. I suppose I was just trying to get cute with the ASA.

I can certainly connect the two switches together.
Both switches have an SVI of VLAN 5. When I connect the two switches together, would it work to just have them in switchport mode access or does it have to be a trunk? Only Vlan5 will go through this.
Jacob Kellemann

It will work just fine with access ports; just make sure both are in vlan 5.
rfc1180


Does this sound doable?

Of course! You are creating an 802.1q trunk between the ASA and Switch and this is supported.


Source:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006

