Solved

ASA5505 Config

Posted on 2014-09-12
Last Modified: 2015-01-28
I have a Cisco SG300 (Small Business Switch) and an ASA5505 with the Security Plus license. I have two VLANs created on the SG300 and am trying to bring both into the ASA on port e0/4. When I change port 0/4 from "switchport mode access" to "switchport mode trunk", I lose my connection to everything on port 4 (my inside network).

I precede the "switchport mode trunk" command with "switchport trunk allowed vlan 1,3" but I still lose all connectivity on that port.

What am I missing?

Tx

Bill
0
Question by:labdunn
9 Comments
 
LVL 4

Expert Comment

by:exploitedj
ID: 40319296
You're trunking on the switch port connected to the ASA right?
0
 
LVL 1

Author Comment

by:labdunn
ID: 40319560
yes.
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40319662
Can you post the configs?
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40320030
I'm going to assume some basic things...

You have checked the encapsulation on both sides (the switch port and the ASA port being used as the trunk).
You have checked the VLANs are allowed to communicate to one another on the ASA.

As an aside, it is recommended to avoid using VLAN 1. Long history of garbage "features" being put in that VLAN by default.

A few more questions:
What mode is the switch in?
Before you try to limit access to specific VLANs, does intra-VLAN communication work?
On the ASA, what is the output of "show route" and "show ip add" and "show run int vlan xx"?
"Show run int yy" for whatever your interfaces are.
0
 
LVL 1

Author Comment

by:labdunn
ID: 40320100
Here is a sanitized ASA config and a snapshot of the switch's VLAN config.  The ASA's port 4 is connected to the switch's port 8.  When I change the ASA's port 4 to switchport mode trunk, I lose the connection to the switch.
SFCASA.TXT
SF300.pdf
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40323555
I would think you would want both VLANs on port 8 to be tagged in the trunk. It looks like one is an access and one is tagged. I would think you would want both tagged for that interface. I also am wondering if the SF300 is acting as a layer 2 or 3 device. Do you know?

 I am not used to using GUIs to manage switches, so please bear with me, or if possible, upload the txt version of the SF300 or at least more info on the VLAN and interface settings from the GUI.
0
 
LVL 1

Accepted Solution

by:
labdunn earned 0 total points
ID: 40327598
Turns out the command I was missing was this:
switchport trunk native vlan 1
The other commands were:
switchport trunk allowed vlan 1,3
switchport mode trunk

I suspect the Native keyword tags that VLAN but I'm not certain.  I don't think any of the Cisco Small Business devices including the SG have a GUI interface.

Thank you for your help.

Bill
0
 
LVL 1

Author Closing Comment

by:labdunn
ID: 40336172
Self provided
0
 

Expert Comment

by:Matt Wardle
ID: 40574925
switchport trunk native vlan 1 will tell the trunk what VLAN to send out data that's non-tagged.
0
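
A config check built around the accepted solution, as an added example that is not part of the original thread: it parses ASA 5505 style interface stanzas and flags trunk ports that lack `switchport trunk native vlan` (the command missing above) or that carry VLAN 1 (the expert's aside about avoiding it). The sample config, the finding labels and the function names are constructed for illustration.

```python
import re

# Constructed sample in ASA 5505 style (not the poster's SFCASA.TXT attachment).
SAMPLE_CONFIG = """\
interface Ethernet0/3
 switchport access vlan 3
!
interface Ethernet0/4
 switchport trunk allowed vlan 1,3
 switchport mode trunk
!
interface Ethernet0/5
 switchport trunk allowed vlan 1,3
 switchport trunk native vlan 1
 switchport mode trunk
!
"""

def parse_switchports(config):
    """Map each interface to its mode, allowed VLANs (IDs or ranges) and native VLAN."""
    ports, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1],
                                   {"mode": "access", "allowed": set(), "native": None})
        elif not line.startswith(" "):
            cur = None  # '!' or any other top-level line ends the stanza
        elif cur is not None:
            text = line.strip()
            if text == "switchport mode trunk":
                cur["mode"] = "trunk"
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", text):
                cur["native"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", text):
                for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", m.group(1)):
                    cur["allowed"].update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_trunks(config):
    """Return sorted (interface, finding) pairs for ports in trunk mode."""
    findings = []
    for name, port in parse_switchports(config).items():
        if port["mode"] != "trunk":
            continue
        if port["native"] is None:  # the command that was missing in the thread
            findings.append((name, "NO_NATIVE_VLAN"))
        if 1 in port["allowed"] or port["native"] == 1:  # expert's aside on VLAN 1
            findings.append((name, "VLAN1_IN_USE"))
    return sorted(findings)
```

Calling `audit_trunks(SAMPLE_CONFIG)` reports Ethernet0/4 for both findings and Ethernet0/5 only for VLAN 1; the access port Ethernet0/3 is skipped.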
