Posts Tagged ‘Cisco ASA 5505’

Guest Wireless Access Using a Cisco ASA 5505 with VLAN Configuration

July 22, 2010 3 comments

In my last post here I showed the procedure on how to enable guest internet access by creating a vlan with a Cisco ASA 5510 firewall. To accomplish the same setup using a Cisco ASA 5505 there are some differences in how the guest interface and vlan are created within the Cisco firewall. Also, there is a very important prerequisite; you must have the Security Plus License for the ASA 5505 to enable vlan trunking. All other aspects of the procedure are the same.

To create the Guest-VLAN interface in the ASA 5505 you need to use the command line interface (CLI). The first step is to establish a connection to the ASA 5505 using a Cisco RJ-45 to DB9 console cable or IP telnet session. Using a program such as PUTTY, open a serial or telnet connection to the ASA 5505. Enter enable mode by typing “en”, you will be prompted for the enable password.

Here are the necessary commands with comments:

# enter configuration mode

conf t

#create the new vlan

int vlan3

#give the interface a name

nameif Guest-VLAN

#assign a security level lower than that of your internal LAN

security-level 10

#assign the interface an ip address

ip address

#enable the interface

no shutdown

#exit interface configuration


#access the physical interface that your LAN is connected

int Ethernet0/1

#define the vlans that the interface will allow (vlans 1 & 3 in this case)

switchport trunk allowed vlan 1 3

#define the native vlan

switchport trunk native vlan 1

#change the interface from access mode to trunk mode (this allows multiple vlans (security plus license required))

switchport mode trunk

#enable the interface

no shutdown


That’s it for the configuration on the ASA 5505! The rest of the procedure is the same as this post Guest Wireless Access Using a Cisco ASA 5510 with VLAN Configuration


%d bloggers like this: