?
Solved

Cisco VLAN trunk ASA5510 to Catalyst 3550.

Posted on 2008-06-13
5
Medium Priority
?
10,127 Views
Last Modified: 2012-08-13
I am working on a project where an ASA5510 needs to be configured with multiple VLANs on a single physical interface. This has been configured using the sub interfaces with no issue. The port is then being connected to a Catalyst 3550. The switchport on the 3550 has been set to trunk mode using dot1q encapsulation. For some reason I cannot get any traffic to pass between the devices over any VLAN.

Any help is appreciated.


ASA5510 config:
 
!
interface Ethernet0/1
 description Physical DMZ Interface.
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 description External Wireless DMZ
 vlan 8
 nameif dmz-wireless
 security-level 10
 ip address 172.17.8.1 255.255.255.0
!
interface Ethernet0/1.2
 description Remote Access DMZ
 vlan 9
 nameif dmz-ra
 security-level 75
 ip address 172.17.9.1 255.255.255.0
!
interface Ethernet0/1.3
 description External Server DMZ
 vlan 10
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0
!
 
 
Catalyst 3550 Config:
 
!
interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 no ip address
 snmp trap link-status
!

Open in new window

0
Comment
Question by:Jeffrey Proulx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Jinx_IT
ID: 21784279
My thoughts,

I wouldnt use sub interfaces on the ASA, I'd do something like the following

on the ASA setup all your Vlans as interfaces, and then set your for E0/1 as a trunk..for example...

Interface Vlan 10
 description **********
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0

Interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk

I would also change the 3550

interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk
 no ip address
 snmp trap link-status




0
 
LVL 7

Expert Comment

by:kanlue
ID: 21784545
while looking into this issue, i found the following link in EE that will give you some good idea:
-------------
Cisco ASA 5520 traffic to subinterface not working
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22414323.html
-------------
please check it out.

hope it helps.


0
 

Accepted Solution

by:
Jeffrey Proulx earned 0 total points
ID: 21835749
Well after a few different attempts at getting this to work, I realized that it may be an issue with the IOS version. After upgrading the IOS on the Catalyst 3550 to a new version the original configuration worked like a charm. Originally the IOS was an older version of the 12.1 tree, the updated version I moved to was a newer version in the 12.2 tree.

Thanks for the help and suggestions.
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21835761
thanks for the update.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This program is used to assist in finding and resolving common problems with wireless connections.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question