Solved

ASA5505 Config

Posted on 2014-09-12
Last Modified: 2015-01-28
I have a Cisco SG300 (Small Business Switch) and an ASA5505 with the Security Plus license.  I have two VLANS created on the SG300 and am trying to bring both into the ASA on port e0/4.  When I change port 0/4 from "switchport mode access" to "switchport mode trunk", I lose my connection to everything on port 4 (My inside network).  

I precede the "switchport mode trunk" command with "switchport trunk allowed vlan 1,3" but I still lose all connectivity on that port.

What am I missing?

Tx

Bill
Question by:labdunn
9 Comments
 
LVL 4

Expert Comment

by:exploitedj
ID: 40319296
You're trunking on the switch port connected to the ASA, right?
 
LVL 1

Author Comment

by:labdunn
ID: 40319560
Yes.
 
LVL 4

Expert Comment

by:exploitedj
ID: 40319662
Can you post the configs?
 
LVL 4

Expert Comment

by:exploitedj
ID: 40320030
I'm going to assume some basic things...

You have checked the encapsulation on both sides (the switch port and the ASA port being used as the trunk).
You have checked the VLANs are allowed to communicate to one another on the ASA.

As an aside, it is recommended to avoid using VLAN 1. Long history of garbage "features" being put in that VLAN by default.

A few more questions:
What mode is the switch in?
Before you try to limit access to specific VLANs, does intra-VLAN communication work?
On the ASA, what is the output of "show route" and "show ip add" and  "show run int vlan xx"?
"Show run int yy" for whatever your interfaces are.

 
LVL 1

Author Comment

by:labdunn
ID: 40320100
Here is a sanitized ASA config and a snapshot of the switch's VLAN config. The ASA's port 4 is connected to the switch's port 8. When I change the ASA's port 4 to switchport mode trunk, I lose the connection to the switch.
SFCASA.TXT
SF300.pdf
 
LVL 4

Expert Comment

by:exploitedj
ID: 40323555
I would think you would want both VLANs on port 8 to be tagged in the trunk. It looks like one is an access and one is tagged. I would think you would want both tagged for that interface. I also am wondering if the SF300 is acting as a layer 2 or 3 device. Do you know?

 I am not used to using GUIs to manage switches, so please bear with me, or if possible, upload the txt version of the SF300 or at least more info on the VLAN and interface settings from the GUI.
 
LVL 1

Accepted Solution

by:labdunn
ID: 40327598
Turns out the command I was missing was this:
switchport trunk native vlan 1
The other commands were:
switchport trunk allowed vlan 1,3
switchport mode trunk

I suspect the Native keyword tags that VLAN but I'm not certain.  I don't think any of the Cisco Small Business devices including the SG have a GUI interface.

Thank you for your help.

Bill
 
LVL 1

Author Closing Comment

by:labdunn
ID: 40336172
Self provided
 

Expert Comment

by:Matt Wardle
ID: 40574925
switchport trunk native vlan 1 will tell the trunk what vlan to send out data that's non tagged.
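
The behaviour discussed in this thread, as an added example that is not part of any poster's message and not Cisco's code: a simplified 802.1Q ingress model of the ASA trunk port before and after the "switchport trunk native vlan 1" line. It assumes the SG300 sends VLAN 1 untagged and VLAN 3 tagged, and that a trunk with no native VLAN drops untagged frames; parse_port, ingress_vlan and report are hypothetical names.

```python
import re
from typing import NamedTuple, Optional

class Port(NamedTuple):
    mode: str                 # "access" or "trunk"
    allowed: frozenset        # VLAN IDs accepted when they arrive with an 802.1Q tag
    native: Optional[int]     # VLAN for untagged frames; None if not configured

def parse_port(lines):
    """Build a Port from 'switchport ...' lines (only the three forms used in the thread)."""
    mode, allowed, native = "access", set(), None
    for line in lines:
        line = line.strip()
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            mode = m.group(1)
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line):
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
    return Port(mode, frozenset(allowed), native)

def ingress_vlan(port, tag):
    """VLAN a received frame lands in, or None if dropped. tag=None means untagged."""
    if port.mode != "trunk":
        raise ValueError("model covers trunk ports only")
    if tag is None:
        return port.native    # assumption: no native VLAN configured -> frame dropped
    return tag if tag in port.allowed else None

# Constructed inputs: the trunk before and after the fix from the accepted solution.
BEFORE = parse_port(["switchport trunk allowed vlan 1,3", "switchport mode trunk"])
AFTER = parse_port(["switchport trunk native vlan 1",
                    "switchport trunk allowed vlan 1,3",
                    "switchport mode trunk"])

def report():
    """Fate of each frame kind the switch could send: untagged, tag 3, tag 2."""
    frames = {"untagged": None, "tag 3": 3, "tag 2": 2}
    return {name: (ingress_vlan(BEFORE, t), ingress_vlan(AFTER, t))
            for name, t in frames.items()}

if __name__ == "__main__":
    for name, (before, after) in report().items():
        print(f"{name:9} before={before} after={after}")
```

In this model the untagged inside traffic is dropped before the fix and lands in VLAN 1 after it, while a tag outside the allowed list is dropped in both cases.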