[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Cisco VLAN trunk ASA5510 to Catalyst 3550.

Posted on 2008-06-13
5
Medium Priority
?
10,132 Views
Last Modified: 2012-08-13
I am working on a project where an ASA5510 needs to be configured with multiple VLANs on a single physical interface. This has been configured using the sub interfaces with no issue. The port is then being connected to a Catalyst 3550. The switchport on the 3550 has been set to trunk mode using dot1q encapsulation. For some reason I cannot get any traffic to pass between the devices over any VLAN.

Any help is appreciated.


ASA5510 config:
 
!
interface Ethernet0/1
 description Physical DMZ Interface.
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 description External Wireless DMZ
 vlan 8
 nameif dmz-wireless
 security-level 10
 ip address 172.17.8.1 255.255.255.0
!
interface Ethernet0/1.2
 description Remote Access DMZ
 vlan 9
 nameif dmz-ra
 security-level 75
 ip address 172.17.9.1 255.255.255.0
!
interface Ethernet0/1.3
 description External Server DMZ
 vlan 10
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0
!
 
 
Catalyst 3550 Config:
 
!
interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 no ip address
 snmp trap link-status
!

Open in new window

0
Comment
Question by:Jeffrey Proulx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Jinx_IT
ID: 21784279
My thoughts,

I wouldnt use sub interfaces on the ASA, I'd do something like the following

on the ASA setup all your Vlans as interfaces, and then set your for E0/1 as a trunk..for example...

Interface Vlan 10
 description **********
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0

Interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk

I would also change the 3550

interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk
 no ip address
 snmp trap link-status




0
 
LVL 7

Expert Comment

by:kanlue
ID: 21784545
while looking into this issue, i found the following link in EE that will give you some good idea:
-------------
Cisco ASA 5520 traffic to subinterface not working
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22414323.html
-------------
please check it out.

hope it helps.


0
 

Accepted Solution

by:
Jeffrey Proulx earned 0 total points
ID: 21835749
Well after a few different attempts at getting this to work, I realized that it may be an issue with the IOS version. After upgrading the IOS on the Catalyst 3550 to a new version the original configuration worked like a charm. Originally the IOS was an older version of the 12.1 tree, the updated version I moved to was a newer version in the 12.2 tree.

Thanks for the help and suggestions.
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21835761
thanks for the update.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
This program is used to assist in finding and resolving common problems with wireless connections.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question