Solved

Cisco VLAN trunk ASA5510 to Catalyst 3550.

Posted on 2008-06-13
Last Modified: 2012-08-13
I am working on a project where an ASA5510 needs to be configured with multiple VLANs on a single physical interface. This has been configured using the sub interfaces with no issue. The port is then being connected to a Catalyst 3550. The switchport on the 3550 has been set to trunk mode using dot1q encapsulation. For some reason I cannot get any traffic to pass between the devices over any VLAN.

Any help is appreciated.


ASA5510 config:
 
!
interface Ethernet0/1
 description Physical DMZ Interface.
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 description External Wireless DMZ
 vlan 8
 nameif dmz-wireless
 security-level 10
 ip address 172.17.8.1 255.255.255.0
!
interface Ethernet0/1.2
 description Remote Access DMZ
 vlan 9
 nameif dmz-ra
 security-level 75
 ip address 172.17.9.1 255.255.255.0
!
interface Ethernet0/1.3
 description External Server DMZ
 vlan 10
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0
!
 
 
Catalyst 3550 Config:
 
!
interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 no ip address
 snmp trap link-status
!

Question by:jmproulx
 
LVL 5

Expert Comment

by:Jinx_IT
ID: 21784279
My thoughts:

I wouldn't use sub interfaces on the ASA; I'd do something like the following.

On the ASA, set up all your VLANs as interfaces, and then set your E0/1 as a trunk, for example:

Interface Vlan 10
 description **********
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0

Interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk

I would also change the 3550

interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk
 no ip address
 snmp trap link-status




0
 
LVL 7

Expert Comment

by:kanlue
ID: 21784545
While looking into this issue, I found the following link in EE that will give you some good ideas:
-------------
Cisco ASA 5520 traffic to subinterface not working
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22414323.html
-------------
Please check it out.

Hope it helps.


0
 

Accepted Solution

by:
jmproulx earned 0 total points
ID: 21835749
Well, after a few different attempts at getting this to work, I realized that it may be an issue with the IOS version. After upgrading the IOS on the Catalyst 3550 to a new version, the original configuration worked like a charm. Originally the IOS was an older version of the 12.1 tree; the updated version I moved to was a newer version in the 12.2 tree.

Thanks for the help and suggestions.
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21835761
Thanks for the update.
0
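A cross-check of the two sides of the trunk discussed in this thread, as an added example that is not part of the original posts: it reads the VLANs tagged on the ASA subinterfaces and compares them with the native and allowed VLAN settings on the switch port. The function names and finding texts are assumptions of this example, and the sample configs are constructed from the relevant lines of the question.

```python
import re

# Constructed sample input: the relevant lines of the two configs in the question.
ASA_CONFIG = """interface Ethernet0/1.1
 vlan 8
 nameif dmz-wireless
interface Ethernet0/1.2
 vlan 9
 nameif dmz-ra
interface Ethernet0/1.3
 vlan 10
 nameif dmz-server
"""
SWITCH_CONFIG = """interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
"""

def asa_tagged_vlans(config):
    """Map VLAN ID -> nameif for each ASA subinterface that tags a VLAN."""
    vlans, vlan = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            vlan = None  # new interface stanza, forget the previous VLAN
        elif m := re.fullmatch(r"\s+vlan (\d+)\s*", line):
            vlan = int(m.group(1))
        elif (m := re.fullmatch(r"\s+nameif (\S+)\s*", line)) and vlan is not None:
            vlans[vlan] = m.group(1)
    return vlans

def setting(config, pattern):
    """Return the first capture of an indented interface sub-command, or None."""
    m = re.search(rf"^\s+{pattern}\s*$", config, re.M)
    return m.group(1) if m else None

def audit_trunk(asa_config, switch_config):
    """Return review findings for the switch trunk that faces the ASA."""
    tagged, findings = asa_tagged_vlans(asa_config), []
    native = int(setting(switch_config, r"switchport trunk native vlan (\d+)") or 1)
    if native in tagged:  # IOS sends native-VLAN frames untagged unless told otherwise
        findings.append(f"vlan {native} ({tagged[native]}) is tagged on the ASA but native on the switch")
    allowed = setting(switch_config, r"switchport trunk allowed vlan ([\d,-]+)")
    if allowed is None:
        findings.append("no allowed-VLAN list, trunk carries every VLAN on the switch")
    else:  # expand a list such as "8,9,12-14" into individual VLAN IDs
        ok = {v for p in allowed.split(",") for v in range(int(p.split("-")[0]), int(p.split("-")[-1]) + 1)}
        findings += [f"vlan {v} ({tagged[v]}) is not allowed on the trunk" for v in sorted(set(tagged) - ok)]
    return findings
```

Calling `audit_trunk(ASA_CONFIG, SWITCH_CONFIG)` returns the items to review for the posted pair; an empty list means the tagged VLANs, native VLAN and allowed list agree.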
