Cisco ASA 5510 and Trunking

Curiosityx · 8 Apr 2008 at 22:22

Greetings i have a switch with 15 vlans on it each on a different subnet, i want to trunk the switch to an ASA 5510 using 802.1Q to isolate each internal network and also provide internet access to each subnet, can this be done on the ASA5510, the documentation states that it supports upto 100 Vlans using the security plus license. Examples Below:

Switch

Vlans 10 - 25

Firewall

interface FastEthernet 0/1.10
Vlan 10
!
interface FastEthernet 0/1.11
Vlan 11
!
interface FastEthernet 0/1.12
Vlan 12
!
interface FastEthernet 0/1.13
Vlan 13
!
interface FastEthernet 0/1.14
Vlan 14
!
interface FastEthernet 0/1.15
Vlan 15
!
interface FastEthernet 0/1.16
Vlan 16
!
interface FastEthernet 0/1.17
Vlan 17
!
interface FastEthernet 0/1.18
Vlan 18
!
interface FastEthernet 0/1.19
Vlan 19
!
interface FastEthernet 0/1.20
Vlan 20

Rich · 8 Apr 2008 at 22:27

It can indeed. Obviously you would want to devide the vlans out between physical interfaces though. Wouldnt want 20 individual subnets sharing 100mb. Guess that depends entirely upon how busy the subnets will be.
Actually though, the Sec+ license gives you 2 gigabit so you could use one of those.

Curiosityx · 8 Apr 2008 at 22:32

Rich said:
It can indeed. Obviously you would want to devide the vlans out between physical interfaces though. Wouldnt want 20 individual subnets sharing 100mb. Guess that depends entirely upon how busy the subnets will be.
Actually though, the Sec+ license gives you 2 gigabit so you could use one of those.

Thank you for a swift reply, there will be little traffic between sub interfaces and vlans but each subnet assigned to said vlan will have internet access via the ASA on a 10Mb pipe.

Regards

S_D · 8 Apr 2008 at 22:42

If your bottleneck is the internet pipe then you'd be ok to stick them all on one interface as you won't be maxing out the interface bandwidth at all, and it gives you some options for the other 2 interfaces at a later date...

Curiosityx · 8 Apr 2008 at 22:44

S_D said:
If your bottleneck is the internet pipe then you'd be ok to stick them all on one interface as you won't be maxing out the interface bandwidth at all, and it gives you some options for the other 2 interfaces at a later date...

Thank you for your reply

Regards