ASA 5510 DHCP with subinterface and Vlan

    I am planning to set up a network which involves a Cisco ASA 5510 as a firewall, DHCP server and layer 3 router, with sub-interfaces to support VLANs. There will be 3 Cisco 2960 access switches which connect multiple stations within corresponding VLANs. Each 2960 switch will be connected to the core switch, which is also a 2960S-48 and which eventually connects to the ASA firewall.
    The main criterion is to isolate machines and disable communication between VLANs within the switch as well as across the VLANs set up on other access switches. However, they all should be able to use the ASA 5510 as their gateway and go to the internet via NAT. Also, what would be the IP and gateway of access SW1, 2, 3 in this case, and the NAT setup on the firewall? I will appreciate any kind of input and config suggestions to meet the desired criteria. Here is my proposed setup:

    Cisco ASA5510: no IP address on the physical interface, enable sub-interfaces per VLAN, enable 802.1q encapsulation, trunk with core switch 2960-48. For example:
    interface Ethernet0/1
    no nameif
    security-level 100
    no ip address
    interface Ethernet0/1.1
    vlan 10
    nameif Test1
    security-level 100
    ip address
    interface Ethernet0/1.20
    vlan 20
    nameif Test2
    security-level 100
    ip address

    interface Ethernet0/1.30
    vlan 30
    nameif Test3
    security-level 100
    ip address

    Access Switch1 2960: There will be 3 VLANs per switch and each VLAN will have 5 stations connected. So, for example, Switch1 will have switchport access on ports 1-5 for VLAN 10, ports 6-10 for VLAN 20, and ports 11-15 for VLAN 30. Switch1 port 24 will trunk with core switch port 40.

    Access Switch2 2960: Same as above with VLAN 40, VLAN 50, VLAN 60 and port 24 trunked with core switch port 41.

    Access Switch3 will follow the same trend as above.

    Thanks in advance..!
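
A pre-deployment check for the layout proposed in the post, as an added example that is not part of the original post or of any Cisco tooling: it parses an ASA configuration, lists subinterfaces still missing `vlan`, `nameif` or an address, and flags equal-security-level interfaces when `same-security-traffic permit inter-interface` is present, the ASA setting that allows such interfaces to exchange traffic. The sample config and its addresses are constructed, and `parse_subinterfaces` and `audit` are hypothetical names.

```python
import re

# Constructed sample shaped like the post's proposal; addresses are placeholders.
SAMPLE = """\
interface Ethernet0/1
no nameif
interface Ethernet0/1.1
vlan 10
nameif Test1
security-level 100
ip address 10.0.10.1 255.255.255.0
interface Ethernet0/1.20
vlan 20
nameif Test2
security-level 100
ip address 10.0.20.1 255.255.255.0
interface Ethernet0/1.30
vlan 30
nameif Test3
security-level 100
ip address
same-security-traffic permit inter-interface
"""
FIELDS = {"vlan": r"vlan (\d+)$", "nameif": r"nameif (\S+)$",
          "level": r"security-level (\d+)$", "ip": r"ip address (\S+ \S+)"}

def parse_subinterfaces(config):
    """Map each 'interface X.N' stanza to the vlan/nameif/level/ip it sets."""
    subs, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            # Only dotted names are subinterfaces; the parent port is skipped.
            cur = subs.setdefault(m.group(1), {}) if "." in m.group(1) else None
        elif cur is not None:
            for key, pat in FIELDS.items():
                if hit := re.match(pat, line):
                    cur[key] = hit.group(1)
    return subs

def audit(config):
    """List incomplete stanzas and same-level interfaces allowed to talk."""
    subs, findings, by_level = parse_subinterfaces(config), [], {}
    for name, s in subs.items():
        findings += [f"{name}: missing {k}" for k in ("vlan", "nameif", "ip") if k not in s]
        if "level" in s:
            by_level.setdefault(s["level"], []).append(s.get("nameif", name))
    if re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        findings += [f"level {lvl}: {', '.join(n)} may exchange traffic"
                     for lvl, n in by_level.items() if len(n) > 1]
    return findings
```

Calling `audit(SAMPLE)` reports the unaddressed `Ethernet0/1.30` and the three level-100 interfaces; with the `same-security-traffic` line removed, only the missing address remains.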
