Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VLANs on Cisco ASA 5520

Status
Not open for further replies.
netwalker1

netwalker1

Programmer
Feb 5, 2000
1,241
EG
Dear All :

We are going to implement about 20 VLANs on an ASA 5520 ( Flash : 256 and RAM : 512 ) - using ASA version : 8.0(4)

will there be any performance problem ?

Knowing that the license is supporting up to 150 VLAN ...


Anyone tested something like this can advise ?


Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
 
Sort by date Sort by votes
is there any reason you can't move the VLAN's to a L3 switch??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
There is a L3 - and it works with an inter-routing between VLANs already ... but the need is to create access-list between the VLANs , and by revising the needs I found that it will be very hard to create all these access-list rules on the switch !

So we may need to move it the ASA - and this is why I am checking ...

Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
 
Upvote 0 Downvote
an ACL is an ACL whether it's on a switch, router, or firewall. there's no question that you can do it on the 5520, but your bottleneck is going to be the trunk link between the ASA and the downlevel switch.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Yes - you are right ...
However having the Access List on the FW is much easier and efficient than having them on the switch ?

Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
 
Upvote 0 Downvote
In terms of ease of use, to each his own. In terms of being more efficient, it depends. When ACLs are used in a switch they are actually compiled and executed in hardware just as a router and a firewall (NOTE: This is for most switches and most types of traffic). The limitation is the switch database manager (SDM) that compiles and executes the ACE lookups. It really all comes down to what kind of L3 switches you've got. If you're using a 5520 I'm assuming that you're going to have 4500 or 6500 series switches??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
4500 Series ...

So - your advise is to create the Access-list on the switches directly ?

Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
 
Upvote 0 Downvote
The 4500 series supervisors have large TCAM so they can accomodate a large number of ACL's that will be switched in hardware (see the link below if you're interested). In the end, it's all up to you in how you want to do it. Doing it in the switch will remove the single 1GB port as the bottleneck.


I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
673
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
584
intel233
intel233
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
631
intel233
intel233
AllenH12
  • Locked
  • Question
Bandwidth in Cisco ASA 5505
Replies
2
Views
314
AllenH12
AllenH12
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
159
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top