manualshive.com logo in svg

Cisco ASA 5506W-X, Configuration Manual

The Cisco ASA 5506W-X Configuration Manual is an essential resource for users to optimally set up and manage their Cisco ASA 5506W-X device. Download the comprehensive manual for free from our website to ensure smooth and secure networking for your organization.

Share
Download
background image

Step 2. Create Subinterfaces for Each VLAN on Gig1/9

For each VLAN that you have configured on the access point, you need to configure a
subinterface of Gig1/9. In this example configuration, you add two subinterfaces:

-Gig1/9.5, which will have nameif vlan5, and will correspond to VLAN 5 and subnet 10.5.0.0/24.

-Gig1/9.30, which will have nameif vlan30, and will correspond to VLAN 30 and subnet
10.3.0.0/24.

In practice, it is essential that the VLAN and subnet configured here match the VLAN and subnet
specified on the access point. The nameif and subinterface number can be anything you choose.
 Please refer to the quick start guide previously mentioned for links in order to configure the
access point using the web GUI.

ciscoasa(config)# interface g1/9.5

ciscoasa(config-if)# vlan 5

ciscoasa(config-if)# nameif vlan5

ciscoasa(config-if)# security-level 100

ciscoasa(config-if)# ip address 10.5.0.1 255.255.255.0

ciscoasa(config-if)# interface g1/9.30

ciscoasa(config-if)# vlan 30

ciscoasa(config-if)# nameif vlan30

ciscoasa(config-if)# security-level 100

ciscoasa(config-if)# ip address 10.30.0.1 255.255.255.0

Step 3. Designate a DHCP pool for each VLAN

Create a separate DHCP pool for each VLAN being configured. The syntax for this command
requires that you list the nameif out of which the ASA will serve the pool in question. A seen in this
example, which uses VLANs 5 and 30: 

ciscoasa(config)# dhcpd address 10.5.0.2-10.5.0.254 vlan5

ciscoasa(config)# dhcpd address 10.30.0.2-10.30.0.254 vlan30

ciscoasa(config)# dhcpd enable vlan5

ciscoasa(config)# dhcpd enable vlan30

Step 4. Configure the Access Point SSIDs, save the config, and reset the module

Finally, the access point needs to be configured to correspond to the ASA's configuration. The
GUI interface for the access point allows you to configure VLANs on the AP via the client
connected to the ASA inside (Gigabit1/2) interface. However, if you prefer to use CLI to configure
the AP via the ASA console session and then connect wirelessly to manage the AP, you can use
this configuration as a template for creating two SSIDs on VLANs 5 and 30.  This must be entered
within the AP console in global configuration mode:

dot11 vlan-name VLAN30 vlan 30

dot11 vlan-name VLAN5 vlan 5

!

dot11 ssid SSID_VLAN30

   vlan 30

   authentication open

   mbssid guest-mode

!

dot11 ssid SSID_VLAN5

   vlan 5

   authentication open

   mbssid guest-mode

!

Summary of Contents for ASA 5506W-X

Page 1: ...ide switch FirePOWER Module Configuration without inside switch Verify Configure DHCP with Multiple Wireless VLANs Step 1 Remove Existing DHCP configuration on Gig1 9 Step 2 Create Subinterfaces for Each VLAN on Gig1 9 Step 3 Designate a DHCP pool for each VLAN Step 4 Configure the Access Point SSIDs save the config and reset the module Troubleshoot Introduction This document describes how to perf...

Page 2: ... Adapter DB 9 to RJ 45 Components Used The information in this document is based on these software and hardware versions Cisco ASA 5506W X device Client machine with a terminal emulation program such as Putty SecureCRT etc Console Cable and Serial PC Terminal Adapter DB 9 to RJ 45 ASA FirePOWER Module Integrated Cisco Aironet 702i wireless access point Built in WAP The information in this document...

Page 3: ...s warning when you change the above interface IP addresses This is expected Interface address is not on same subnet as DHCP pool WARNING DHCPD bindings cleared on interface inside address pool removed Step 2 Modify DHCP pool settings on both inside and wifi interfaces This step is required if the ASA is to be used as the DHCP server in the environment If another DHCP server is used to assign IP ad...

Page 4: ...evice Manager ASDM access Since the IP addressing has been changed HTTP access to the ASA also needs to be modified so that clients on the inside and WiFI networks can access ASDM to manage the ASA asa config no http 192 168 1 0 255 255 255 0 inside asa config no http 192 168 10 0 255 255 255 0 wifi asa config http 0 0 0 0 0 0 0 0 inside asa config http 0 0 0 0 0 0 0 0 wifi Note This configuration...

Page 5: ...n with module sfr Connected to module sfr Escape character sequence is CTRL X Cisco ASA5506W v5 4 1 build 211 Sourcefire3D login admin Password Sourcefire Output Truncated you will see a large EULA Please enter YES or press ENTER to AGREE to the EULA YES System initialization in progress Please stand by You must change the password for admin to continue Enter new password Confirm new password You ...

Page 6: ...d to module sfr Escape character sequence is CTRL X Cisco ASA5506W v5 4 1 build 211 Sourcefire3D login admin Password Sourcefire Output Truncated you will see a large EULA Please enter YES or press ENTER to AGREE to the EULA YES System initialization in progress Please stand by You must change the password for admin to continue Enter new password Confirm new password You must configure the network...

Page 7: ...r you can apply the example configuration and connect to the SSID of the WAP If you do not use the CLI below you need to plug in the ethernet cable from your client to the Gigabit1 2 interface on the ASA If you prefer to use the CLI to configure the WAP you can session into it from the ASA and use this example configuration This creates an open SSID with the name of 5506W and 5506W_5Ghz so that yo...

Page 8: ...nly apply if you do NOT have an inside switch asa sh run interface gigabitEthernet 1 2 interface GigabitEthernet1 2 nameif inside security level 100 ip address 10 0 0 1 255 255 255 0 asa sh run interface gigabitEthernet 1 3 interface GigabitEthernet1 3 nameif sfr security level 100 ip address 10 2 0 1 255 255 255 0 asa sh run interface gigabitEthernet 1 9 interface GigabitEthernet1 9 nameif wifi s...

Page 9: ...e Opening console session with module sfr Connected to module sfr Escape character sequence is CTRL X show network System Information Hostname Cisco_SFR Domains example net DNS Servers 10 0 0 250 Management port 8305 IPv4 Default route Gateway 10 0 0 1 eth0 State Enabled Channels Management Events Mode MDI MDIX Auto MDIX MTU 1500 MAC Address B0 AA 77 7C 84 10 IPv4 Configuration Manual Address 10 0...

Page 10: ... 1 0 254 and verify that the AP GUI is now accessible 2 Ping the SFR management interface from the inside client and the ASA to verify proper connectivity 3 Configure DHCP with Multiple Wireless VLANs The configuration assumes that you use a single wireless VLAN The Bridge Virtual Interface BVI on the Wireless AP can provide a bridge for Multiple VLANs Because of the syntax for DHCP on the ASA if ...

Page 11: ... 30 0 1 255 255 255 0 Step 3 Designate a DHCP pool for each VLAN Create a separate DHCP pool for each VLAN being configured The syntax for this command requires that you list the nameif out of which the ASA will serve the pool in question A seen in this example which uses VLANs 5 and 30 ciscoasa config dhcpd address 10 5 0 2 10 5 0 254 vlan5 ciscoasa config dhcpd address 10 30 0 2 10 30 0 254 vlan...

Page 12: ...d interface Dot11Radio1 5 encapsulation dot1Q 5 bridge group 5 bridge group 5 subscriber loop control bridge group 5 spanning disabled bridge group 5 block unknown source no bridge group 5 source learning no bridge group 5 unicast flooding interface Dot11Radio1 30 encapsulation dot1Q 30 bridge group 30 bridge group 30 subscriber loop control bridge group 30 spanning disabled bridge group 30 block ...

Page 13: ...log to flash event log Note You do NOT need to reload the entire ASA device You must only reload the built in access point Once the AP finishes reloading then you must have connectivity to the AP GUI from a client machine on the wifi or inside networks It generally takes about two minutes for the AP to completely reboot From this point on you can apply the normal steps to complete the configuratio...

Reviews:

No comments

Related manuals for ASA 5506W-X

ZyXEL Communications ZyXEL ZyWALL 35 User Manual preview
ZyXEL ZyWALL 35
Brand: ZyXEL Communications Pages: 704
IronPort S660 Quick Start Manual preview
S660
Brand: IronPort Pages: 3
Sophos XGS 116 Quick Start Manual preview
XGS 116
Brand: Sophos Pages: 68
Barracuda CloudGen Firewall F1000 CE0 Quick Start Manual preview
CloudGen Firewall F1000 CE0
Brand: Barracuda Pages: 8
tufin T-1200 Quick Start Manual preview
T-1200
Brand: tufin Pages: 22

Brands by name

Popular brands

Load more brands