Solved

ASA5505 Config

Posted on 2014-09-12
Last Modified: 2015-01-28
I have a Cisco SG300 (Small Business Switch) and an ASA5505 with the Security Plus license. I have two VLANs created on the SG300 and am trying to bring both into the ASA on port e0/4. When I change port 0/4 from "switchport mode access" to "switchport mode trunk", I lose my connection to everything on port 4 (my inside network).

I precede the "switchport mode trunk" command with "switchport trunk allowed vlan 1,3" but I still lose all connectivity on that port.

What am I missing?

Tx

Bill
Question by:labdunn

Expert Comment

by:exploitedj
ID: 40319296
You're trunking on the switch port connected to the ASA right?

Author Comment

by:labdunn
ID: 40319560
yes.

Expert Comment

by:exploitedj
ID: 40319662
Can you post the configs?

Expert Comment

by:exploitedj
ID: 40320030
I'm going to assume some basic things...

You have checked the encapsulation on both sides (the switch port and the ASA port being used as the trunk).
You have checked the VLANs are allowed to communicate to one another on the ASA.

As an aside, it is recommended to avoid using VLAN 1. Long history of garbage "features" being put in that VLAN by default.

A few more questions:
What mode is the switch in?
Before you try to limit access to specific VLANs, does intra-VLAN communication work?
On the ASA, what is the output of "show route" and "show ip add" and  "show run int vlan xx"?
"Show run int yy" for whatever your interfaces are.

Author Comment

by:labdunn
ID: 40320100
Here is a sanitized ASA config and a snapshot of the switch's VLAN config. The ASA's port 4 is connected to the switch's port 8. When I change the ASA's port 4 to switchport mode trunk, I lose the connection to the switch.
SFCASA.TXT
SF300.pdf

Expert Comment

by:exploitedj
ID: 40323555
I would think you would want both VLANs on port 8 to be tagged in the trunk. It looks like one is an access and one is tagged. I would think you would want both tagged for that interface. I also am wondering if the SF300 is acting as a layer 2 or 3 device. Do you know?

 I am not used to using GUIs to manage switches, so please bear with me, or if possible, upload the txt version of the SF300 or at least more info on the VLAN and interface settings from the GUI.

Accepted Solution

by:labdunn
ID: 40327598
Turns out the command I was missing was this:
switchport trunk native vlan 1
The other commands were:
switchport trunk allowed vlan 1,3
switchport mode trunk

I suspect the Native keyword tags that VLAN but I'm not certain.  I don't think any of the Cisco Small Business devices including the SG have a GUI interface.

Thank you for your help.

Bill

Author Closing Comment

by:labdunn
ID: 40336172
Self provided
Expert Comment

by:Matt Wardle
ID: 40574925
switchport trunk native vlan 1 will tell the trunk what VLAN to send out data that's non-tagged.
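
An added example, not part of the original thread: a small Python model of 802.1Q tagging on both ends of the link, showing why VLAN 1 stopped passing until the native VLAN was set on the ASA trunk, and how it flags any VLAN that is dropped or lands in a different VLAN. The port definitions are constructed from the thread's description, and the model assumes that a trunk with no native VLAN tags every allowed VLAN and drops untagged frames.

```python
from dataclasses import dataclass
from typing import Optional

UNTAGGED = "untagged"  # wire marker: frame carries no 802.1Q tag


@dataclass(frozen=True)
class TrunkPort:
    """One end of an 802.1Q trunk (simplified model, not device code)."""
    name: str
    allowed: frozenset      # VLAN IDs from "switchport trunk allowed vlan"
    native: Optional[int]   # from "switchport trunk native vlan"; None = not set

    def egress(self, vlan):
        """Tag put on the wire for a frame in `vlan`; None means dropped."""
        if vlan not in self.allowed:
            return None
        return UNTAGGED if vlan == self.native else vlan

    def ingress(self, tag):
        """VLAN a received frame is placed in; None means dropped."""
        if tag is None:
            return None
        vlan = self.native if tag == UNTAGGED else tag
        return vlan if vlan in self.allowed else None


def carried(a, b, vlans):
    """Per VLAN: (VLAN seen at b for a->b, VLAN seen at a for b->a)."""
    return {v: (b.ingress(a.egress(v)), a.ingress(b.egress(v))) for v in vlans}


def broken(a, b, vlans=(1, 3)):
    """VLANs that are dropped or land in a different VLAN in either direction."""
    return [v for v, seen in carried(a, b, vlans).items() if seen != (v, v)]


# Constructed ports: SG300 port 8 sends VLAN 1 untagged and VLAN 3 tagged.
SG300_P8 = TrunkPort("SG300 port 8", frozenset({1, 3}), native=1)
ASA_BEFORE = TrunkPort("ASA e0/4, no native", frozenset({1, 3}), native=None)
ASA_AFTER = TrunkPort("ASA e0/4, native 1", frozenset({1, 3}), native=1)

if __name__ == "__main__":
    for asa in (ASA_BEFORE, ASA_AFTER):
        print(asa.name, carried(SG300_P8, asa, (1, 3)), "broken:", broken(SG300_P8, asa))
```

The same `broken()` check also catches a native VLAN mismatch between the two ends, where untagged frames are accepted but placed in the wrong VLAN.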