Therefore the communication between different subinterfaces is governed by the same rules as physical interfaces. Communication between subinterfacesĮach subinterface is a different security zone with a different security-level. Then you must configure access ports on the switch belonging to the above Vlans accordingly in order to connect hosts to the access ports. The same Layer2 Vlan numbers which are configured on the firewall appliance (in our example the configured VLANs are 10,20,30,40) must also be created as Layer2 Vlans on the switch. In order to implement the concept of Vlans and subinterfaces in a network, you must connect each physical interface of the ASA to a trunk port on a switch which must support 802.1q trunking.
#Cisco asav port channel how to
How to actually implement the above in the network ASA 5510: Max 100 VLANs (with the Security Plus Software)īelow is a snapshot of a configuration example of VLAN subinterfaces:Īs you can see from the configuration above, we are using two of the physical interfaces ( GigabitEthernet0/0 and GigabitEthernet0/1) to create total of four different network segments (security zones).Įach Vlan is also a different Layer 3 subnet and also a separate security zone with its own security-level.ASA 5505: Max 20 VLANs (with the Security Plus Software).There are limits on the number of VLANs supported on each ASA model, according to the following list:
0 kommentar(er)
