Solved

ASA5505 Config

Posted on 2014-09-12
Last Modified: 2015-01-28
I have a Cisco SG300 (Small Business Switch) and an ASA5505 with the Security Plus license.  I have two VLANs created on the SG300 and am trying to bring both into the ASA on port e0/4.  When I change port 0/4 from "switchport mode access" to "switchport mode trunk", I lose my connection to everything on port 4 (my inside network).

I precede the "switchport mode trunk" command with "switchport trunk allowed vlan 1,3" but I still lose all connectivity on that port.

What am I missing?

Tx

Bill
0
Comment
Question by:labdunn
9 Comments
 
LVL 4

Expert Comment

by:exploitedj
ID: 40319296
You're trunking on the switch port connected to the ASA, right?
0
 
LVL 1

Author Comment

by:labdunn
ID: 40319560
yes.
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40319662
Can you post the configs?
0

 
LVL 4

Expert Comment

by:exploitedj
ID: 40320030
I'm going to assume some basic things...

You have checked the encapsulation on both sides (the switch port and the ASA port being used as the trunk).
You have checked the VLANs are allowed to communicate to one another on the ASA.

As an aside, it is recommended to avoid using VLAN 1. Long history of garbage "features" being put in that VLAN by default.

A few more questions:
What mode is the switch in?
Before you try to limit access to specific VLANs, does intra-VLAN communication work?
On the ASA, what is the output of "show route" and "show ip add" and  "show run int vlan xx"?
"Show run int yy" for whatever your interfaces are.
0
 
LVL 1

Author Comment

by:labdunn
ID: 40320100
Here is a sanitized ASA config and a snapshot of the switch's VLAN config.  The ASA's port 4 is connected to the switch's port 8.  When I change the ASA's port 4 to switchport mode trunk, I lose the connection to the switch.
SFCASA.TXT
SF300.pdf
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40323555
I would think you would want both VLANs on port 8 to be tagged in the trunk. It looks like one is an access and one is tagged. I would think you would want both tagged for that interface. I also am wondering if the SF300 is acting as a layer 2 or 3 device. Do you know?

 I am not used to using GUIs to manage switches, so please bear with me, or if possible, upload the txt version of the SF300 or at least more info on the VLAN and interface settings from the GUI.
0
 
LVL 1

Accepted Solution

by:
labdunn earned 0 total points
ID: 40327598
Turns out the command I was missing was this
switchport trunk native vlan 1
The other commands were
switchport trunk allowed vlan 1,3
switchport mode trunk

I suspect the Native keyword tags that VLAN but I'm not certain.  I don't think any of the Cisco Small Business devices including the SG have a GUI interface.

Thank you for your help.

Bill
0
 
LVL 1

Author Closing Comment

by:labdunn
ID: 40336172
Self provided
0
 

Expert Comment

by:Matt Wardle
ID: 40574925
switchport trunk native vlan 1 will tell the trunk what VLAN to send out data that's non-tagged.
0
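The native VLAN behaviour discussed in this thread, modelled as an added example (not code from the thread or from Cisco): it parses the 802.1Q tag of an Ethernet frame and decides which VLAN a trunk port places the frame in. It assumes the switch sends VLAN 1 untagged and VLAN 3 tagged, and that a trunk with no native VLAN configured drops untagged frames; all function names and the sample frames are hypothetical and constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def frame_vlan(frame: bytes):
    """Return the VLAN ID from the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def trunk_ingress(frame, allowed, native=None):
    """Model a trunk port: return the VLAN the frame lands in, or None if dropped.

    Assumption: with no native VLAN configured, untagged frames are dropped.
    """
    vid = frame_vlan(frame)
    if vid is None:
        vid = native  # untagged traffic belongs to the native VLAN, if any
    return vid if vid in allowed else None

def build_frame(vlan=None, payload=b"\x00" * 46):
    """Constructed sample frame: dummy MACs, IPv4 EtherType, optional tag."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def simulate(native):
    """Switch side sends VLAN 1 untagged and VLAN 3 tagged (assumed)."""
    allowed = {1, 3}  # mirrors "switchport trunk allowed vlan 1,3"
    return {
        "vlan1_untagged": trunk_ingress(build_frame(None), allowed, native),
        "vlan3_tagged": trunk_ingress(build_frame(3), allowed, native),
    }

if __name__ == "__main__":
    print("no native VLAN:", simulate(None))
    print("native vlan 1 :", simulate(1))
```

Both ends of a trunk need to agree on which VLAN travels untagged; a mismatch either drops that traffic or places it in the wrong VLAN.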