Tuesday 8 May 2012

VLAN Configuration in Cisco ASA

Creating a VLAN subinterface on the ASA works the same way as on a Cisco IOS router;
however, associating the VLAN tag with the subinterface is done differently from a Cisco
router. Here is the configuration to create the subinterface and to identify the VLAN for
the subinterface:

ciscoasa(config)# interface physical_name slot_#/port_#.subid_#
ciscoasa(config-subif)# vlan vlan_#

The subid_# is the number of the subinterface. The number you specify here doesn’t have
to match the VLAN number the interface will process; however, making them match is
common practice.

Here is a simple example illustrating the use of VLANs on a physical interface:
ciscoasa(config)# interface ethernet0/0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit
ciscoasa(config)# interface ethernet0/0.1
ciscoasa(config-subif)# vlan 10
ciscoasa(config-subif)# ip address 192.168.10.1 255.255.255.0
ciscoasa(config-subif)# nameif dmz1
ciscoasa(config-subif)# security-level 51
ciscoasa(config-subif)# exit
ciscoasa(config)# interface ethernet0/0.2
ciscoasa(config-subif)# vlan 20
ciscoasa(config-subif)# ip address 192.168.20.1 255.255.255.0
ciscoasa(config-subif)# nameif dmz2
ciscoasa(config-subif)# security-level 50
ciscoasa(config-subif)# exit

Notice that the only thing done on the physical interface is to enable it, since in this
example the appliance doesn’t need to process traffic for the native VLAN.
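
A pre-deployment check for subinterface stanzas like the ones above, as an added example that is not part of the original post: it flags a subinterface with no vlan command, a nameif used twice, a VLAN ID used twice on one physical interface, and a physical interface left shut down. The function names and the sample configuration are constructed for illustration, and the input is assumed to be in show running-config form, where a disabled interface carries a shutdown line.

```python
# Constructed sample in running-config form (not taken from a real device).
SAMPLE = """\
interface Ethernet0/0
 shutdown
!
interface Ethernet0/0.1
 vlan 10
 nameif dmz1
 security-level 51
!
interface Ethernet0/0.2
 nameif dmz1
 security-level 50
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_subinterfaces(config):
    """Return findings for subinterfaces (interface names containing a dot)."""
    interfaces, findings, seen = parse_interfaces(config), [], {}
    for name, cmds in interfaces.items():
        parent, dot, _ = name.partition(".")
        if not dot:
            continue  # physical interface: only inspected as a parent below
        opts = dict(c.split(None, 1) for c in cmds if " " in c)
        if "vlan" not in opts:
            findings.append(f"{name}: no vlan assigned")
        else:
            seen.setdefault(f"vlan {opts['vlan']} on {parent}", []).append(name)
        if "nameif" in opts:
            seen.setdefault(f"nameif {opts['nameif']}", []).append(name)
        # Assumption: a missing parent stanza is treated like a shut-down one.
        if "shutdown" in interfaces.get(parent, ["shutdown"]):
            findings.append(f"{name}: physical interface {parent} is not enabled")
    dupes = [f"{k} used by {', '.join(v)}" for k, v in seen.items() if len(v) > 1]
    return findings + dupes

if __name__ == "__main__":
    print("\n".join(audit_subinterfaces(SAMPLE)))
```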

On the ASA 5505, to change the properties of the two logical VLAN interfaces, or to
create a new logical VLAN interface, use the following configuration:
ciscoasa(config)# interface vlan vlan_#
ciscoasa(config-if)# nameif logical_name
ciscoasa(config-if)# ip address IP_address [subnet_mask]
ciscoasa(config-if)# security-level number

To associate a physical interface with a logical VLAN interface, use the following
configuration:
ciscoasa(config)# interface physical_name
ciscoasa(config-if)# switchport access vlan vlan_#

Use the show switch vlan command to verify your VLAN configuration on the
ASA 5505 (from the preceding configuration):
ciscoasa# show switch vlan
