Nat (guestWIFI,outside) dynamic interfaceĪccess-group VLAN20 in interface guestWIFI Icmp unreachable rate-limit 1 burst-size 1 Same-security-traffic permit inter-interface : Hardware: ASAv, 2048 MB RAM, CPU Pentium II 2800 MHz Type help or '?' for a list of available commands. i attached the Network topology and Here is the Configuration. I want to make sure vlan10 and vlan20 should reach each other but it is not. I configured vlan10 (inside) and vlan20 (guestWIFI). So physically you connect 1 interface from router to 1 switchport on switch 1 (whatever switch you want that to be) than you connect switch 2 and switch 3 to switch 1 via trunks.I connected ASA with Internet (Outside port) and Connected with switch as a trunk port. You configure the management vlan on the router - as it is the point of contact for all switches. Since IM assuming this is a layer 2 switch 2960? than the gateway is simply for management your switch isnt doing routing so the actual devices need to be configured with the correct gateway To configure the DG of each vlan you do this
Because you want the router to be the DG of all vlans you create the vlan on the router - when you match the trunk ports the switches will than have the vlan db created as well To give vlan access to your other switches you than configure a different switch port as a trunk and trunk the vlans to the second switchĭescription connection to sw2 only access vlan 101 & vlan 103 no vlan 102ģ. In this case you connect gi0/0 to 1 switch (not to multiple switches to one only) and you configure that switchport to be a trunk port depending on your model it would be an "uplink" port Notice that the third number is changing (you can set up networks however you want but you can NOT do 10.10.10.1 and 10.10.10.2 as that is the same network on 2 different interfaces) This is NOT recommended way to do inter-vlans router on stick method.Ģ, The correct way to do this is to create sub interfaces on one physical interface
Int gi0/4 ip address 10.10.12.0/24 etc etc this would be costly and ineffective to separate the vlans among switches you would need to give each interface its own network example 1- i will separate the vlans among the switches (for example vlan 1&2 o switch 1, vlan 2 &3 on switch 2etc.)Ģ-i will create subinterfaces on the router with encapsulation dot1q vlan number and dhcp helper under each subinterfaceģ- create the vlans on the switches and assign the vlans to the end devices on access portsġ.