How to Configure VLAN Sub-Interfaces on Cisco ASA 5500 Firewall

One of the advantages of the CiscoASA firewall is that you can configure multiple virtual interfaces (subinterfaces) on the same physical interface, thus extending the number of security zones (firewall “legs”) on your network. Each subinterface must belong to a different Layer2 VLAN, with a separate Layer3 subnet.

There are limits on the number of VLANs supported on each ASA model, according to the following list:

• ASA 5505: Max 20 VLANs (with the Security Plus Software)
• ASA 5510: Max 100 VLANs (with the Security Plus Software)
• ASA 5520: Max 150 VLANs
• ASA 5540: Max 200 VLANs
• ASA 5550: Max 250 VLANs
• ASA 5580: Max 100 VLANs

Below is a snapshot of a configuration example of VLAN subinterfaces:

interface GigabitEthernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.10
description OUTSIDE1
vlan 10
nameif OUT1
security-level 0
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
description OUTSIDE2
vlan 20
nameif OUT2
security-level 10
ip address 10.20.20.1 255.255.255.0
!

interface GigabitEthernet0/1
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.30
description INSIDE1
vlan 30
nameif INSIDE1
security-level 90
ip address 10.30.30.1 255.255.255.0
!
interface GigabitEthernet0/1.40
description INSIDE2
vlan 40
nameif INSIDE2
security-level 80
ip address 10.40.40.1 255.255.255.0
!

Cisco Catalyst 2960 LAN Base Series & Catalyst 2960 LAN Lite Series

The Cisco Catalyst 2960-S and 2960 Series are fixed-configuration access switches designed for enterprise, midmarket, and branch office networks to provide lower total cost of ownership.The CiscoCatalyst2960 and 2960-S Series Switches are the leading Layer 2 edge, providing improved ease of use, highly secure business operations, improved sustainability, and a borderless network experience. The Catalyst 2960-S Series Switches include new FlexStack switch stacking capability with 1 and 10 Gigabit connectivity, and Power over Ethernet Plus (PoE+) with the Cisco Catalyst 2960 Series Switches offering Fast Ethernet access connectivity and PoE capabilities.

CiscoCatalyst2960-S and 2960 Series Switches with LAN Base Software

The CiscoCatalyst2960-S and 2960 Series Switches with LAN Base Software are fixed-configuration, Layer 2 Ethernet switches that support enhanced switching services, IP communications, and wireless networking for small and medium-sized businesses. These switches provide the performance, availability, and manageability that modern office environments demand, as well as the intelligence to support state-of-the-art business applications security services.

The Cisco Catalyst 2960 Series with LAN Base softwarecan provide:

         Fast Ethernet and Gigabit Ethernet connectivity to the desktop to deliver superior application performance

         Power over Ethernet (PoE) to provide 15.4W simultaneously on all PoE ports

         Advanced security capabilities, including identity services and sophisticated access control to protect your critical assets

         Quality of service (QoS) intelligence to support delay-sensitive IP voice and video applications and optimize bandwidth in your network

         Redundancy and resiliency features to protect the availability of your critical applications at all times

         Simple, scalable management with the option to use a command-line interface (CLI) or the GUI-based Cisco Network Assistant with Cisco Smartports interface

         Scalability to continually accommodate new applications and services as your business evolves

         Limited lifetime warranty and free Cisco IOS Software updates

NOTE: PDF File:Cisco Catalyst 2960-S and 2960 Series Switches with LAN Base Software

http://www.cisco.com/cisco/web/solutions/small_business/products/routers_switches/catalyst_2960_series_switches/docs/C78-481303-02_2960-LAN_DS_FINAL.pdf

CiscoCatalyst2960-S and 2960 Series Switches with LAN Lite software

The CiscoCatalyst2960-S and 2960 Series Switches with LAN Lite software provide the security and performance that your business applications demand and are scalable to support your continually evolving network environment. By providing these capabilities in your network foundation, you can improve the availability of your critical applications, protect your business information, more easily accommodate expanding services, and optimize your network bandwidth to more effectively deliver information and applications.

The Cisco Catalyst 2960-S and 2960 Series with LAN Lite software are fixed-configuration, Layer 2 edge switches that provide Fast Ethernet or Gigabit Ethernet connectivity and support essential security, quality of service (QoS), and high availability for growing businesses. These switches deliver the reliability and performance you need to provide a fully scalable managed network environment for your business.

NOTE:PDF File:Cisco Catalyst 2960-S and 2960 Series Switches with LAN Lite Software

http://www.cisco.com/cisco/web/solutions/small_business/products/routers_switches/catalyst_2960_series_switches/docs/Catalyst_2960_Series_Switches_LAN_Lite_DS_FINAL.pdf

Also Compare Models of CiscoCatalyst 2960 Series Switches you can visit:

http://www.cisco.com/en/US/products/ps6406/prod_models_comparison.html

More Tutorial: How to Configure a Cisco 2960 Switch/Layer 2 Switch?

http://blog.router-switch.com/2011/12/how-to-configure-a-cisco-2960-switchlayer-2-switch/

Upgrade a Cisco 2960 IOS with a Console Cable

http://blog.router-switch.com/2011/11/tutorial-upgrade-a-cisco-2960-ios-with-a-console-cable/