Solved

ASA5505 Config

Posted on 2014-09-12
Last Modified: 2015-01-28
I have a Cisco SG300 (Small Business Switch) and an ASA5505 with the Security Plus license.  I have two VLANS created on the SG300 and am trying to bring both into the ASA on port e0/4.  When I change port 0/4 from "switchport mode access" to "switchport mode trunk", I lose my connection to everything on port 4 (My inside network).  

I precede the "switchport mode trunk" command with "switchport trunk allowed vlan 1,3" but I still lose all connectivity on that port.

What am I missing?

Tx

Bill
Question by:labdunn
9 Comments
 

Expert Comment

by:exploitedj
ID: 40319296
You're trunking on the switch port connected to the ASA right?

Author Comment

by:labdunn
ID: 40319560
yes.

Expert Comment

by:exploitedj
ID: 40319662
Can you post the configs?

Expert Comment

by:exploitedj
ID: 40320030
I'm going to assume some basic things...

You have checked the encapsulation on both sides (the switch port and the ASA port being used as the trunk).
You have checked the VLANs are allowed to communicate to one another on the ASA.

As an aside, it is recommended to avoid using VLAN 1. Long history of garbage "features" being put in that VLAN by default.

A few more questions:
What mode is the switch in?
Before you try to limit access to specific VLANs, does intra-VLAN communication work?
On the ASA, what is the output of "show route" and "show ip add" and "show run int vlan xx"?
"Show run int yy" for whatever your interfaces are.

Author Comment

by:labdunn
ID: 40320100
Here is a sanitized ASA config and a snapshot of the switch's VLAN config.  The ASA's port 4 is connected to the switch's port 8.  When I change the ASA's port 4 to switchport mode trunk, I lose the connection to the switch.
SFCASA.TXT
SF300.pdf

Expert Comment

by:exploitedj
ID: 40323555
I would think you would want both VLANs on port 8 to be tagged in the trunk. It looks like one is an access and one is tagged. I would think you would want both tagged for that interface. I also am wondering if the SF300 is acting as a layer 2 or 3 device. Do you know?

 I am not used to using GUIs to manage switches, so please bear with me, or if possible, upload the txt version of the SF300 or at least more info on the VLAN and interface settings from the GUI.

Accepted Solution

by:labdunn
ID: 40327598
Turns out the command I was missing was this:
switchport trunk native vlan 1
The other commands were:
switchport trunk allowed vlan 1,3
switchport mode trunk

I suspect the Native keyword tags that VLAN but I'm not certain.  I don't think any of the Cisco Small Business devices including the SG have a GUI interface.

Thank you for your help.

Bill

Author Closing Comment

by:labdunn
ID: 40336172
Self provided

Expert Comment

by:Matt Wardle
ID: 40574925
switchport trunk native vlan 1 will tell the trunk what VLAN to send out data that's non-tagged.
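
An added example (not from the thread or from Cisco): a short Python check that reads ASA-style interface stanzas and compares each trunk port with the tagging used on the peer switch port, using the three commands from the accepted solution. The peer layout (VLAN 1 untagged, VLAN 3 tagged on the switch's port 8) and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the ASA port from the thread without, then with, a native VLAN.
ASA_BEFORE = """\
interface Ethernet0/4
 switchport trunk allowed vlan 1,3
 switchport mode trunk
"""
ASA_AFTER = ASA_BEFORE + " switchport trunk native vlan 1\n"

def expand(vlans):
    """Expand an allowed-VLAN list such as '1,3,10-12' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_trunks(config):
    """Return {interface: {'allowed': set, 'native': int or None}} for trunk ports."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line starts or ends a stanza
            m = re.match(r"interface (\S+)$", line)
            cur = ports.setdefault(m.group(1), {"trunk": False, "allowed": set(), "native": None}) if m else None
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand(m.group(1))
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
    return {name: p for name, p in ports.items() if p["trunk"]}

def check_trunk(port, peer_untagged, peer_tagged):
    """List mismatches between an ASA trunk port and the peer port's tagging."""
    issues = []
    if port["native"] != peer_untagged:
        issues.append(f"peer untagged VLAN {peer_untagged} != ASA native VLAN {port['native']}")
    for vlan in sorted(peer_tagged - port["allowed"]):
        issues.append(f"peer tags VLAN {vlan}, not in the ASA allowed list")
    return issues

if __name__ == "__main__":
    for label, cfg in (("before", ASA_BEFORE), ("after", ASA_AFTER)):
        # Assumed peer layout: VLAN 1 untagged, VLAN 3 tagged.
        print(label, check_trunk(parse_trunks(cfg)["Ethernet0/4"], 1, {3}))
```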