This configuration snippet shows how to set up trunking to an ASA. In this scenario we have a 5510 that supports 3 physical interfaces. We want to provide a guest vlan on the network that customers can use to access the Internet only; however, we are already using the 3rd interface for a DMZ.
# This configuration was taken from an ASA 5510 running 7.2(1) with default security assignments of 0 on the outside and 100
# on the inside. The dmz was given a security assignment of 50 and the guest segment was given a security assignment of 10.
# The 3 physical interfaces are Ethernet0/0, Ethernet0/1 and Ethernet0/2. Ethernet0/2 is where the vlan trunking will occur.
# When the trunking is performed the native vlan on the trunk needs to be something other than a vlan that is currently in use.
# In this example we are trunking vlan 10 and vlan 99. The native vlan is set on the switch to something other than vlan 10 or 99.
# To set this up on the ASA you need to create subinterfaces associated to the vlan number. So for vlan 10 we use interface
# Ethernet0/2.10 and then under that interface we define that it is in vlan 10. Now make sure that the switch port that physical
# Ethernet0/2 is connected to is set up to do 802.1q trunking with these vlans.
ip address 172.16.1.1 255.255.255.0
ip address 10.1.1.1 255.255.255.0
no ip address
ip address 192.168.100.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0
# Access lists for the outside and dmz interfaces have been omitted from this example.
# When going from a higher security level interface to a lower security level interface a NAT and global command are used.
# Any address on the 10.1.1.0 / 24 inside network going to the outside will use PAT translating the source IP
# to the IP address that is configured on the outside interface above. In this case we also want to allow anything
# from the guest segment to access the internet. So in this case we will add one more NAT statement to allow this.
global (outside) 1 interface
nat (inside) 1 10.1.1.0 255.255.255.0
nat (guests) 1 192.168.100.0 255.255.255.0
# Finally for reference a default route is defined to the Internet.
route outside 0.0.0.0 0.0.0.0 172.16.1.2 1
# Default configuration lines have been omitted.
Corresponding switch configuration for trunking to ASA
This configuration shows the switchport configuration for the port that is physically connected to the ASA's Ethernet0/2 interface.
# On this interface we need to turn on trunking using 802.1q. We then define the vlans we need to trunk, in this case 10 and 98.
# The trunk native vlan by default is vlan 1. If vlan 1 needed to be used on the ASA, we would have to set the native vlan
# to something else with an additional statement of switchport trunk native vlan xx.
# This snippet was taken from a 3750 running 12.2.25 IOS.
description ASA 5510 Ethernet0/2 - DMZ and Guests Vlans trunked
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,98
switchport mode trunk
no ip address
no mdix auto
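
The two requirements stated above (the switch trunk must carry the same vlans as the ASA subinterfaces, and the native vlan must not be a vlan in use) can be checked offline before a change is pushed. The following is an added example, not part of the original configuration: the sample configs, the switch port name and the function names are constructed for illustration, and only the "vlan", "switchport trunk allowed vlan" and "switchport trunk native vlan" statements are parsed.

```python
import re

# Constructed sample configs (not from the page). Subinterface names follow the
# page's Ethernet0/2.<vlan> convention; the VLAN IDs and switch port are made up.
ASA_CFG = """\
interface Ethernet0/2
 no ip address
interface Ethernet0/2.10
 vlan 10
interface Ethernet0/2.20
 vlan 20
"""
SWITCH_CFG = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,30-31
 switchport mode trunk
"""

def asa_vlans(cfg):
    """VLAN IDs bound to ASA subinterfaces with the 'vlan <id>' subcommand."""
    return {int(v) for v in re.findall(r"^[ \t]+vlan (\d+)[ \t]*$", cfg, re.M)}

def switch_trunk(cfg):
    """Return (allowed VLAN set or None if unrestricted, native VLAN)."""
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", cfg)
    allowed = set() if m else None
    for part in (m.group(1).split(",") if m else []):
        lo, _, hi = part.partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    n = re.search(r"switchport trunk native vlan (\d+)", cfg)
    return allowed, int(n.group(1)) if n else 1  # IOS native VLAN defaults to 1

def audit(asa_cfg, switch_cfg):
    """List mismatches between the ASA subinterfaces and the switch trunk."""
    asa = asa_vlans(asa_cfg)
    allowed, native = switch_trunk(switch_cfg)
    findings = []
    if allowed is None:
        findings.append("trunk has no allowed vlan list: every VLAN is carried")
    else:
        findings += [f"vlan {v}: on ASA but not allowed on trunk" for v in sorted(asa - allowed)]
        findings += [f"vlan {v}: allowed on trunk but no ASA subinterface" for v in sorted(allowed - asa)]
    if native in asa:
        findings.append(f"vlan {native}: native (untagged) vlan is in use on the ASA")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ASA_CFG, SWITCH_CFG)))
```

An empty result means the trunk's allowed list and the ASA subinterfaces agree and the native vlan is unused on the ASA.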