Maximum Number And Types Of Vlans - Cisco ASA 5505 Getting Started Manual

Chapter 3 Planning for a VLAN Configuration

Maximum Number and Types of VLANs

78-17612-02
Before you can enable a switch port on the ASA 5505, it must be assigned to a
VLAN. With the Base platform, each switch port can be assigned to only one
VLAN at a time. With the Security Plus license, you can use a single port to trunk
multiple VLANs on an external switch, enabling you to scale your deployment for
larger organizations.
You can create VLANs and allocate ports in the following ways:
Method of Configuring VLANs
ASDM Startup Wizard
ASDM GUI configuration
Command-line interface
Your license determines how many active VLANs that you can have on the ASA
5505.
Although the ASA 5505 comes preconfigured with two VLANs, you can create a
as many as 20 VLANs, depending on your license. The security plus license
allows you to create up to 20 VLANs in both modes—routed and transparent.
For example, you could create VLANs for the Inside, Outside, and DMZ network
segments. Each access switch port is allocated to a single VLAN. Trunk switch
ports may be allocated to multiple VLANs.
With the Base platform, communication between the DMZ VLAN and the Inside
VLAN is restricted: the Inside VLAN is permitted to send traffic to the DMZ
VLAN, but the DMZ VLAN is not permitted to send traffic to the Inside VLAN.
The Security Plus license removes this limitation, thus enabling a full DMZ
configuration.
Table 3-1 lists the number and types of connections supported by each license.
Understanding VLANs on the ASA 5505
For more information, see...
Chapter 5, "Configuring the Adaptive
Security Appliance"
ASDM online help
Cisco Security Appliance Command
Reference
Cisco ASA 5505 Getting Started Guide
3-3