March 18th, 2011 16:00

Setup VLAN between PowerConnect 2724 and Cisco ASA 5510

Hi all,

Has anyone here ever tried to set up a VLAN between a Cisco ASA 5510 and a PowerConnect 2724?

Our environment is all VMs and we would like to put a few of the VM servers in the DMZ. That's why I'm trying to create VLANs to split it in two.

VLAN 1 is local LAN.

VLAN 2 is DMZ.

 

This is my planned configuration:

Cisco ASA:

port 0: connected to the internet with no vlan

port 1: connected to 2724 on vlan 1, 2

2724:

port 24: connected to Cisco ASA on VLAN 1, 2.

port 23: connected to another switch on VLAN 1.

port  21-22: connected to PowerEdge (VM server) on VLAN 1, 2.

port 1-20: connected to PCs LAN on VLAN 1.

 

I tried the configuration on my Cisco ASA VLAN (please read below) based on what the Cisco engineer suggested, but I did not see any traffic going in and out of the Cisco when I did a packet capture. The outside world can access the Cisco and that's about it. From the inside I can access all my servers on the LAN with no problem but can't get to the internet. He said that the Dell switch needs to be configured properly to support the VLAN.

My Cisco ASA Config:

    int ether0/1
     no shut

    int ether0/1.1
     no shut
     vlan 1
     nameif inside
     ip address 10.1.1.1 255.255.255.0

    int ether0/1.2
     no shut
     vlan 2
     nameif DMZ
     ip address 192.168.1.1 255.255.255.0

I read somewhere on Google that I have to set the port to trunk mode, but I did not find the option to do that on the Dell web management page.

Any help would be appreciated.

Thanks!

 

72 Posts

March 21st, 2011 00:00

Hi,

Yes, I forgot about this.

Change Port VLAN mode to general, keep PVID as 1. All ports in default have VLAN 1 as untagged (U), leave it. On port 24 add VLAN 101 and 102 as tagged (T), all other ports must have blank fields in VLAN 101 and 102.

72 Posts

March 21st, 2011 12:00

Never worked with PC27XX, its possibilities are so limited :) Looks like all ports are already in general mode, so you have no need to change anything.

72 Posts

March 19th, 2011 03:00

Hi,

In web management mode, open the VLAN Membership page. Here you can see which interface belongs to which VLAN. Probably you will see that all interfaces are in VLAN 1 untagged. Change the VLAN ID in the upper part of the page to 2 and you will see many blank fields. Click on one of them to change the value to T, which means that you added the interface to VLAN 2 as tagged. Now you will have these interfaces in two VLANs: 1 as untagged and 2 as tagged.

From your ASA config I see that both your subinterfaces are tagged, but as far as I know Dell doesn't permit VLAN 1 to be tagged, so you probably need to change this in the ASA.

16 Posts

March 20th, 2011 18:00

Alright, thanks so much for the feedback. 

I will change the vlan to use vlan 100 and 200 instead of using the default vlan1 and see what happens.

 

16 Posts

March 20th, 2011 19:00

ANARAENDIL,

Ok, I chose vlan 101 and 102 instead.

Do I need to change anything under VLAN Port Settings? or leave all as PVID1?

Under VLAN Membership, which port do I need to set as T? Port 24 is the one that's connected to the Cisco router. Is that the only one that needs the "T" tag? Do I leave the other ports as blank or U?

Thanks again for the feedback.

 

16 Posts

March 20th, 2011 22:00

Ok,

This is what I did so far.

 

I have created vlan on the sub-interface of the cisco asa. vlan 101 and 102.

I connected the ethernet cable from cisco asa to port #24 on the dell 2724. 

I have set the vlan 101 on port #24 to T.

I tried to ping the Dell switch from the Cisco ASA and got no response.

I plugged a laptop with a static IP in the vlan 101 subnet into port #14 of the switch. Port #14 is not a member of U or T. When I tried to ping the switch IP address, I got a reply. But when I tried to ping the Cisco ASA IP address, I got no response.

I called a Cisco Tech Support Engineer and he said there must be a setting on the switch that needs to be set to make it work. All I need is to set it as a "Trunk", he said. He saw what I did on the Dell switch, that I changed port #24 to T on vlan 101, and apparently that did not change the port to "Trunk".

Any thoughts?

Thanks again.
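
An added example, not part of any post in this thread: a small Python model of 802.1Q port membership (PVID, U/T/blank, ingress filtering) applied to the settings described in the post above, showing which tag a frame carries when it leaves port 24 toward the ASA. The names Port, forward, asa_accepts and reaches_asa are hypothetical; the model assumes standard 802.1Q behaviour on the switch and an ASA physical interface with no nameif, so only frames tagged for a subinterface VLAN are processed. The final case (port 14 moved to PVID 101, untagged member of VLAN 101) is a constructed variation, not a step taken in the thread.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1
    # VLAN id -> "U" (untagged member) or "T" (tagged member); absent = blank field
    member: dict = field(default_factory=lambda: {1: "U"})

def classify(port, tag):
    """VLAN assigned on ingress, or None when ingress filtering drops the frame."""
    vlan = port.pvid if tag is None else tag   # untagged frames take the PVID
    return vlan if vlan in port.member else None

def forward(ports, ingress, tag=None):
    """Flood a frame; return {egress_port: tag_on_wire}, None meaning untagged."""
    vlan = classify(ports[ingress], tag)
    if vlan is None:
        return {}
    return {n: (vlan if p.member[vlan] == "T" else None)
            for n, p in ports.items() if n != ingress and vlan in p.member}

def asa_accepts(tag, subif_vlans=(101, 102)):
    """Assumption: no nameif on the physical interface, so untagged frames
    are ignored and only the subinterface VLAN tags are processed."""
    return tag in subif_vlans

def reaches_asa(ports, ingress, asa_port=24):
    out = forward(ports, ingress)
    return asa_port in out and asa_accepts(out[asa_port])

def thread_setup():
    """Constructed from the post: every port U in VLAN 1 with PVID 1,
    port 24 additionally T in VLAN 101."""
    ports = {n: Port() for n in range(1, 25)}
    ports[24].member[101] = "T"
    return ports

if __name__ == "__main__":
    ports = thread_setup()
    print("laptop on port 14 reaches ASA:", reaches_asa(ports, 14))
    print("ASA frame tagged 101 egresses on:", forward(ports, 24, tag=101))
    ports[14] = Port(pvid=101, member={101: "U"})   # hypothetical access port
    print("after PVID 101 / U on port 14:", reaches_asa(ports, 14))
```

In this model the laptop's untagged frame is classified into VLAN 1 and leaves port 24 untagged, and a frame the ASA sends with tag 101 has no other member port to go to.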

16 Posts

March 21st, 2011 12:00

I'm not seeing the option to do:

Change Port VLAN mode to general

Under VLAN Port Settings, my options are:

Interface: Port # or Lag Group #

PVID (1-4095)

Frame Type: Admit All

Ingress Filtering: Enable

 

Any Thoughts?

 
