Solved

Cisco VLAN trunk ASA5510 to Catalyst 3550.

Posted on 2008-06-13
Last Modified: 2012-08-13
I am working on a project where an ASA5510 needs to be configured with multiple VLANs on a single physical interface. This has been configured using the sub interfaces with no issue. The port is then being connected to a Catalyst 3550. The switchport on the 3550 has been set to trunk mode using dot1q encapsulation. For some reason I cannot get any traffic to pass between the devices over any VLAN.

Any help is appreciated.


ASA5510 config:
 
!
interface Ethernet0/1
 description Physical DMZ Interface.
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 description External Wireless DMZ
 vlan 8
 nameif dmz-wireless
 security-level 10
 ip address 172.17.8.1 255.255.255.0
!
interface Ethernet0/1.2
 description Remote Access DMZ
 vlan 9
 nameif dmz-ra
 security-level 75
 ip address 172.17.9.1 255.255.255.0
!
interface Ethernet0/1.3
 description External Server DMZ
 vlan 10
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0
!
 
 
Catalyst 3550 Config:
 
!
interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 no ip address
 snmp trap link-status
!

0
Question by:jmproulx
 
LVL 5

Expert Comment

by:Jinx_IT
ID: 21784279
My thoughts,

I wouldn't use sub interfaces on the ASA; I'd do something like the following:

On the ASA, set up all your VLANs as interfaces, and then set your E0/1 as a trunk, for example:

Interface Vlan 10
 description **********
 nameif dmz-server
 security-level 50
 ip address 172.17.10.1 255.255.255.0

Interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk

I would also change the 3550

interface GigabitEthernet0/3
 description Connection to ma-fw-01 for DMZ VLANs
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 8,9,10
 switchport mode trunk
 no ip address
 snmp trap link-status




0
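Added example, not part of the thread or any poster's code: a small Python check that compares the VLANs tagged on the ASA subinterfaces with what the 3550 trunk carries. It reports VLANs missing from the allowed list, how many unused VLANs an unpruned trunk exposes on the DMZ link, and whether the native VLAN (sent untagged by default) is also a tagged subinterface VLAN. The function names are hypothetical, the embedded configs are trimmed copies of the ones in the question, and only the plain list form of `switchport trunk allowed vlan` is parsed.

```python
import re

# Constructed input: trimmed copies of the two configs posted in the question.
ASA_CFG = """interface Ethernet0/1.1
 vlan 8
 nameif dmz-wireless
interface Ethernet0/1.2
 vlan 9
 nameif dmz-ra
interface Ethernet0/1.3
 vlan 10
 nameif dmz-server
"""
SWITCH_CFG = """interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
"""

def asa_tagged_vlans(cfg):
    """Map each VLAN ID tagged by an ASA subinterface to its nameif."""
    vlans, vid = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            vid = None                      # new stanza, forget previous VLAN
        elif m := re.fullmatch(r"vlan (\d+)", line):
            vid = int(m.group(1))
        elif vid is not None and (m := re.fullmatch(r"nameif (\S+)", line)):
            vlans[vid] = m.group(1)
    return vlans

def expand(spec):
    """Expand an IOS VLAN list such as '8-10,20' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_trunk(asa_cfg, switch_cfg):
    """Compare the VLANs the firewall terminates with what the trunk carries."""
    tagged = asa_tagged_vlans(asa_cfg)
    m = re.search(r"trunk allowed vlan ([\d,-]+)", switch_cfg)
    allowed = expand(m.group(1)) if m else set(range(1, 4095))  # default: all
    m = re.search(r"trunk native vlan (\d+)", switch_cfg)
    native = int(m.group(1)) if m else 1                        # default: VLAN 1
    return {"not_on_trunk": sorted(set(tagged) - allowed),
            "unused_on_trunk": len(allowed - set(tagged)),
            "native_also_tagged": tagged.get(native)}
```

Run against the question's configs, `audit_trunk(ASA_CFG, SWITCH_CFG)` shows an unpruned trunk and reports `dmz-server` as the subinterface whose VLAN is also the switch's native VLAN.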
 
LVL 7

Expert Comment

by:kanlue
ID: 21784545
While looking into this issue, I found the following link in EE that will give you some good ideas:
-------------
Cisco ASA 5520 traffic to subinterface not working
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22414323.html
-------------
Please check it out.

Hope it helps.


0
 

Accepted Solution

by:jmproulx
ID: 21835749
Well, after a few different attempts at getting this to work, I realized that it may be an issue with the IOS version. After upgrading the IOS on the Catalyst 3550 to a new version, the original configuration worked like a charm. Originally the IOS was an older version of the 12.1 tree; the updated version I moved to was a newer version in the 12.2 tree.

Thanks for the help and suggestions.
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21835761
Thanks for the update.
0
