Cisco – How to use multiple VLANs on an ASA 5505


I have a Cisco ASA 5505 with a Security Plus license. I'm trying to have two physical ports provide two separate VLAN connections to the same physical network.

I have both VLANs defined properly – named "inside" and "test". I have the test VLAN assigned to Ethernet0/1. The goal is to have a completely segregated "test" network that cannot communicate with the inside network even if the proper subnet is applied to the NICs.

It works, somewhat, but I'm definitely missing something. When I have the cable plugged into e0/1, connecting it to my switch, I get heavy and random packet loss from traffic over both VLANs – but traffic does flow to/from the Internet over both VLANs. When unplugging the cable, traffic on the inside interface reverts to its rock-solid state.

Any direction would be greatly appreciated.

Best Answer

> I'm trying to have two physical ports provide two separate VLAN connections to the same physical network.

I'm not sure I understand that sentence. It sounds a lot like "AP isolation" in wireless networks -- clients aren't allowed to talk to each other. That would be switchport protected on an ASA, but that's within a single VLAN. If the ports are in different VLANs, then they're routed based on security level, ACLs, NAT, etc. (and you cannot have the same subnet on more than one active VLAN).

See Configuring Interfaces for the Cisco ASA 5505 Adaptive Security Appliance for more.
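
A layout that fits the constraints in the answer above, added here as an illustration and not taken from the asker's configuration or from Cisco's guide: each VLAN has its own subnet, the ASA routes between them, and ACLs in both directions keep "test" and "inside" apart. VLAN number 3, the 192.168.x.0/24 addresses and the ACL names are assumed values; NAT for Internet access is omitted because its syntax differs between ASA software versions.

```cisco
! Added example. VLAN 3, the subnets and the ACL names test_in and
! inside_in are assumptions, not values from the question.
!
! Trusted network: highest security level.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Test network: lower security level and a different subnet.
! The same subnet cannot be configured on two active VLAN interfaces.
interface Vlan3
 nameif test
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Physical port Ethernet0/1 carries only the test VLAN.
interface Ethernet0/1
 switchport access vlan 3
 no shutdown
!
! test -> inside: deny first, then allow everything else (Internet).
access-list test_in extended deny ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list test_in extended permit ip any any
access-group test_in in interface test
!
! inside -> test: a higher security level may reach a lower one by
! default, so full segregation needs an explicit deny here as well.
access-list inside_in extended deny ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
```

Once an ACL is applied inbound on an interface it takes over from the implicit security-level rule for that interface, so each deny line has to come before the permit. `show switch vlan` on the 5505 confirms which physical ports belong to which VLAN.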