Jeffrey Proulx asked:

Cisco VLAN trunk ASA5510 to Catalyst 3550.

I am working on a project where an ASA5510 needs to be configured with multiple VLANs on a single physical interface. This has been configured using the sub interfaces with no issue. The port is then being connected to a Catalyst 3550. The switchport on the 3550 has been set to trunk mode using dot1q encapsulation. For some reason I cannot get any traffic to pass between the devices over any VLAN.

Any help is appreciated.


ASA5510 config:
 
!
interface Ethernet0/1
 description Physical DMZ Interface.
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 description External Wireless DMZ
 vlan 8
 nameif dmz-wireless
 security-level 10
 ip address 172.17.8.1 255.255.255.0
!
interface Ethernet0/1.2
 description Remote Access DMZ
 vlan 9
 nameif dmz-ra
 security-level 75
 ip address 172.17.9.1 255.255.255.0
!
interface Ethernet0/1.3
 description External Server DMZ
 vlan 10
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0
!
 
 
Catalyst 3550 Config:
 
!
interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 no ip address
 snmp trap link-status
!
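
An added example, not part of the original post: a small Python check that compares the ASA subinterface VLAN tags with the 3550 trunk port settings posted above. It relies on two facts: an IOS trunk sends its native VLAN untagged, and an ASA subinterface configured with `vlan N` only handles frames tagged N. The function names are illustrative, and the configs are trimmed copies of the ones in the question.

```python
import re

# Trimmed copies of the two configs posted in the question.
ASA_CONFIG = """\
interface Ethernet0/1.1
 vlan 8
 nameif dmz-wireless
interface Ethernet0/1.2
 vlan 9
 nameif dmz-ra
interface Ethernet0/1.3
 vlan 10
 nameif dmz-server
"""
SWITCH_PORT = """\
interface GigabitEthernet0/3
 switchport trunk native vlan 10
 switchport mode trunk
"""

def asa_tagged_vlans(config):
    """Map each 802.1Q tag used by an ASA subinterface to its nameif."""
    vlans = {}
    for stanza in re.split(r"^interface ", config, flags=re.M)[1:]:
        tag = re.search(r"^\s*vlan (\d+)", stanza, re.M)
        name = re.search(r"^\s*nameif (\S+)", stanza, re.M)
        if tag and name:
            vlans[int(tag.group(1))] = name.group(1)
    return vlans

def trunk_settings(config):
    """Return (native VLAN, allowed VLAN set or None for all) of an IOS trunk."""
    native = re.search(r"trunk native vlan (\d+)", config)
    allowed = re.search(r"trunk allowed vlan ([\d,-]+)", config)
    vlans = None
    if allowed:
        ranges = (p.partition("-") for p in allowed.group(1).split(","))
        vlans = {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}
    return (int(native.group(1)) if native else 1), vlans

def trunk_mismatches(asa_config, switch_config):
    """List ASA VLANs the switch would send untagged or not carry at all."""
    native, allowed = trunk_settings(switch_config)
    findings = []
    for tag, name in sorted(asa_tagged_vlans(asa_config).items()):
        if tag == native:
            findings.append((tag, name, "native VLAN: switch sends it untagged"))
        elif allowed is not None and tag not in allowed:
            findings.append((tag, name, "not in trunk allowed list"))
    return findings
```

On the posted configs this flags only VLAN 10 (dmz-server), so it does not by itself account for VLANs 8 and 9 failing as well.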


Jinx_IT

My thoughts,

I wouldn't use sub interfaces on the ASA; I'd do something like the following.

On the ASA, set up all your VLANs as interfaces, and then set your E0/1 as a trunk. For example:

Interface Vlan 10
 description **********
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0

Interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk

I would also change the 3550

interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk
 no ip address
 snmp trap link-status




While looking into this issue, I found the following link in EE that will give you some good ideas:
-------------
Cisco ASA 5520 traffic to subinterface not working
https://www.experts-exchange.com/questions/22414323/Cisco-ASA-5520-traffic-to-subinterface-not-working.html
-------------
Please check it out.

Hope it helps.


ASKER CERTIFIED SOLUTION
Jeffrey Proulx
This solution is only available to members.
Thanks for the update.