
Help with creating VLAN between 4200G and Cisco ASA 5510

 
cpangker
Visitor


Hi all,

A little background to what I'm trying to do.

My environment is all VM servers (vSphere 4.1) and I would like to put a few of those servers on the DMZ.

That's why I would like to create VLANs to split the connection in two.

VLAN 1 is our LAN.

VLAN 2 is our DMZ.

 

This is what I did on my environment and wasn't successful.

 

Cisco ASA.

Port 0: connected to the internet without using a VLAN

Port 1: connected to 4200G on VLAN 1 and 2.

 

4200G.

Port 48: connected to Cisco ASA on VLAN 1 and 2.

Port 47: connected to DELL PowerConnect switch on VLAN 1.

Port 1-4: connected to my VM host server on VLAN 1 and 2.

Port 5-46: connected to PCs LAN on VLAN 1.

 

I have set Port 48 on the 4200G to trunk mode. 

 

With those settings above I wasn't able to get to the internet when I'm on the LAN or DMZ.

Is there anything else that I need to change on the switch?

The Cisco Support Engineer that helped me out with the settings on the ASA ran a packet capture and he didn't see any traffic going through at all. 

He said it must be the configuration on the switch.

 

Below is my Cisco ASA interface configuration, if that is any help to you.

 

int ether0/1
no shut
int ether0/1.1
no shut
vlan 1
nameif inside
ip address 192.0.5.1 255.255.255.0
int ether0/1.2
no shut
vlan 2
nameif DMZ
ip address 192.168.1.1 255.255.255.0

 

 

Any help would be appreciated.

Thanks all. :)

Inge_Suzzy
Frequent Advisor

Re: Help with creating VLAN between 4200G and Cisco ASA 5510

I don't know if the ASA should work like a Cisco router when configuring subinterfaces for VLANs. On a Cisco router, when you use subinterfaces it is because you are routing VLANs, and these connections are trunks, but the most important thing is the encapsulation after the IP address. Maybe the Cisco technician should make the port mode trunk, with encapsulation dot1q 1 for the VLAN 1 subinterface and dot1q 2 for VLAN 2.

Tell him this; I don't know if the ASA works the same way as the router subinterface.

 

 

 

____________________________________
Ing. Angélica Susana Hernández Vázquez
System and Field Engineer
cpangker
Visitor

Re: Help with creating VLAN between 4200G and Cisco ASA 5510

I just talked with the Cisco Engineer and he said the ASA is using global dot1q encapsulation and it's always turned on.

 

It's not like the router where you can split it to dot1q 1 for vlan 1 and dot1q 2 for vlan 2.

 

Will global dot1q encap work with the HP E4200 switch?

I saw in the security option that I can enable global 802.1x on the switch. It's currently disabled.

Is that it?

 

Thanks. :)
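
Added example, not part of the original thread: the "dot1q" (802.1Q) encapsulation discussed above is a 4-byte tag inside each Ethernet frame on the trunk, while 802.1X is a port-authentication protocol with its own EtherType. The sample frames, MAC addresses and the native VLAN of 1 are constructed assumptions.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag
ETH_EAPOL = 0x888E   # EtherType of 802.1X (EAP over LAN) authentication frames
ETH_IPV4 = 0x0800

# Constructed sample addresses (broadcast destination, locally administered source)
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")

def build_frame(ethertype, payload=b"", vlan=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    header = DST + SRC
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # priority bits + 12-bit VLAN ID
        header += struct.pack("!HH", TPID_DOT1Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def classify(frame, native_vlan=1):
    """Return (vlan, tagged, ethertype) as a trunk port would see the frame.

    Untagged frames are placed in the port's native VLAN (assumed to be 1).
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_DOT1Q:
        return native_vlan, False, etype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, True, inner

def describe(frame, native_vlan=1):
    vlan, tagged, etype = classify(frame, native_vlan)
    kind = "802.1X EAPOL" if etype == ETH_EAPOL else f"ethertype 0x{etype:04x}"
    return f"VLAN {vlan} ({'tagged' if tagged else 'untagged'}), {kind}"

if __name__ == "__main__":
    samples = {
        "DMZ traffic tagged for VLAN 2": build_frame(ETH_IPV4, vlan=2),
        "LAN traffic tagged for VLAN 1": build_frame(ETH_IPV4, vlan=1),
        "LAN traffic sent untagged": build_frame(ETH_IPV4),
        "802.1X authentication frame": build_frame(ETH_EAPOL),
    }
    for label, frame in samples.items():
        print(f"{label}: {describe(frame)}")
```

Both VLAN 1 samples land in VLAN 1, but only one carries a tag on the wire; the two ends of a trunk have to agree on whether a given VLAN is sent tagged or untagged.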