Cisco ASA 5505 won't communicate with vlan 1 down trunk

I cannot get my ASA to communicate to my vlan 1 on my switch but my other vlans work correctly.

Here is my running-config

ASA Version 9.1(1)
!
hostname ciscoasa
enable password xxxxx encrypted
passwd xxxxx encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 shutdown
!
interface Ethernet0/2
 switchport trunk allowed vlan 1-5,100
 switchport mode trunk
!
interface Ethernet0/3
 switchport access vlan 3
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 description Outside traffic
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan3
 nameif servers
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan4
 nameif dmz
 security-level 50
 ip address 10.10.20.1 255.255.255.0
!
interface Vlan100
 no nameif
 no security-level
 ip address 192.168.67.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside-subnet
 subnet 192.168.1.0 255.255.255.0
object network server-lan
 subnet 10.10.10.0 255.255.255.0
access-list Local_LAN_Access standard permit 192.168.1.0 255.255.255.0
access-list 100 extended permit ip any any
pager lines 24
mtu inside 1500
mtu outside 1500
mtu servers 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network inside-subnet
 nat (inside,outside) dynamic interface dns
object network server-lan
 nat (servers,outside) dynamic interface dns
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 servers
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.1.06020-k9.pkg 3
 anyconnect image disk0:/anyconnect-macosx-i386-4.1.06020-k9.pkg 4
 anyconnect enable
 tunnel-group-list enable
 ssl-server-check warn-on-failure
group-policy AnyConnect internal
group-policy AnyConnect attributes
 banner value Brad's VPN
 dns-server value 209.18.47.61 209.18.47.62
 vpn-idle-timeout 30
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Local_LAN_Access
 default-domain none
 split-tunnel-all-dns disable
 client-bypass-protocol disable
 webvpn
  anyconnect ssl dtls enable
  anyconnect keep-installer installed
  anyconnect ssl keepalive 20
  anyconnect ssl compression none
  anyconnect dtls compression lzs
  anyconnect ask enable default anyconnect timeout 30
  anyconnect ssl df-bit-ignore disable
  always-on-vpn profile-setting

!
!
prompt hostname context
LVL 2
Bradley BishopAssociate Product DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
Will need to see the switch config as well.
0
Bradley BishopAssociate Product DeveloperAuthor Commented:
switch config ASA goes into gigabit 0/1:

bradhomesw#sh run
Building configuration...

Current configuration : 4660 bytes
!
! Last configuration change at 02:13:17 UTC Mon Mar 1 1993 by brad
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname bradhomesw
!
boot-start-marker
boot-end-marker
!

!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
system mtu routing 1500
ip dhcp excluded-address 192.168.1.1 192.168.1.15
ip dhcp excluded-address 10.10.10.1 10.10.10.15
ip dhcp excluded-address 10.10.20.1 10.10.20.15
ip dhcp excluded-address 10.10.1.1 10.10.1.15
!
ip dhcp pool home
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 209.18.47.61 209.18.47.62
!
ip dhcp pool prod
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 209.18.47.61 209.18.47.62
!
ip dhcp pool dmz
   network 10.10.20.0 255.255.255.0
   default-router 10.10.20.1
   dns-server 209.18.47.61 209.18.47.62
!
!
ip domain-name switch
!
!
crypto pki trustpoint TP-self-signed-811135744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-811135744
 revocation-check none
 rsakeypair TP-self-signed-811135744
!
!
crypto pki certificate chain TP-self-signed-811135744
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 38313131 33353734 34301E17 0D393330 33303130 30303035
  375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3831 31313335
  37343430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B94A60C6 EFA17AF1 6AF37C43 A8C75C31 0744089B A3A4290B B2716ADB 71213278
  C7386EE5 52FD0ED1 84569E12 03B13E8F 85C8E45F 3403F810 57F59EAA DB3D0C6E
  13FF9DD0 AF262527 8AD0D537 69EFEFA4 75DF4D05 09E642DC 27F19DF5 9BB56B1A
  EE0CE5D5 2D38F5BD 9939F7C1 C9168463 FC80A95C BCB10288 890532AE DFBA48A3
  02030100 01A37130 6F300F06 03551D13 0101FF04 05300301 01FF301C 0603551D
  11041530 13821162 72616468 6F6D6573 772E7377 69746368 301F0603 551D2304
  18301680 14CD68B5 5CC07840 4A7B5811 5E731175 FC515991 57301D06 03551D0E
  04160414 CD68B55C C078404A 7B58115E 731175FC 51599157 300D0609 2A864886
  F70D0101 04050003 81810007 22B933B5 6CA53EC2 C8BED970 E2A7AF17 B7964F57
  C4DE84A2 0D49B48A A1B9A37C 30AC4AB0 A14A5240 9325CD55 29660A1E F59EFC58
  707A4686 7AD85FA7 9E1B2FCA 522BE5E5 EF0F40AC 493026BF A4326A16 7A1842C5
  435179B2 DB4DBFFB D7337DD2 E4FFAF1B 643699AC BAB0DB4F 0D2175B5 330133D6
  0C65819E 80C04538 C4EB30
        quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 4
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1-5,100
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
 description Home Network
 no ip address
!
interface Vlan3
 description Production
 ip address 10.10.10.2 255.255.255.0
!
interface Vlan4
 description dmz
 ip address 10.10.20.2 255.255.255.0
!
interface Vlan100
 description Management
 ip address 10.10.1.2 255.255.255.0
!
ip default-gateway 10.10.10.1
ip http server
ip http secure-server
logging esm config
!
!
!
line con 0
line vty 0 4
 passwordxxx
line vty 5 15
 password xxx
!
end
0
Don JohnstonInstructorCommented:
Configs look okay.

Please post the output of a "show int trunk" on the switch and "show interface" on the ASA.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Bradley BishopAssociate Product DeveloperAuthor Commented:
ASA show interface:

ciscoasa# sh int
Interface Ethernet0/0 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cbd, MTU not set
        IP address unassigned
        454986 packets input, 468804318 bytes, 0 no buffer
        Received 114535 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        323915 packets output, 25024506 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/1 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex, Auto-Speed
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cbe, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/2 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cbf, MTU not set
        IP address unassigned
        343151 packets input, 27781633 bytes, 0 no buffer
        Received 391 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        7288 switch ingress policy drops
        455057 packets output, 470279267 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/3 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex, Auto-Speed
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cc0, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/4 "", is administratively down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex, Auto-Speed
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cc1, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/5 "", is administratively down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex, Auto-Speed
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cc2, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/6 "", is administratively down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex, Auto-Speed
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cc3, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
Interface Ethernet0/7 "", is administratively down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex, Auto-Speed
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 0025.45d0.2cc4, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops

Interface Vlan1 "inside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 0025.45d0.2cc5, MTU 1500
        IP address 192.168.1.1, subnet mask 255.255.255.0
  Traffic Statistics for "inside":
        0 packets input, 0 bytes
        15 packets output, 420 bytes
        0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  6 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        Description: Outside traffic
        MAC address 0025.45d0.2cc5, MTU 1500
        IP address x.x.x.x, subnet mask 255.255.252.0
  Traffic Statistics for "outside":
        453642 packets input, 460530274 bytes
        320595 packets output, 17285989 bytes
        539 packets dropped
      1 minute input rate 18 pkts/sec,  2487 bytes/sec
      1 minute output rate 4 pkts/sec,  1163 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 571 pkts/sec,  776430 bytes/sec
      5 minute output rate 522 pkts/sec,  21757 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan3 "servers", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 0025.45d0.2cc5, MTU 1500
        IP address 10.10.10.1, subnet mask 255.255.255.0
  Traffic Statistics for "servers":
        321021 packets input, 17312233 bytes
        338190 packets output, 454672927 bytes
        152 packets dropped
      1 minute input rate 4 pkts/sec,  1165 bytes/sec
      1 minute output rate 4 pkts/sec,  1836 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 522 pkts/sec,  21759 bytes/sec
      5 minute output rate 553 pkts/sec,  775467 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan4 "dmz", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 0025.45d0.2cc5, MTU 1500
        IP address 10.10.20.1, subnet mask 255.255.255.0
  Traffic Statistics for "dmz":
        0 packets input, 0 bytes
        0 packets output, 0 bytes
        0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan6 "", is down, line protocol is down
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        Available but not configured via nameif
0
Bradley BishopAssociate Product DeveloperAuthor Commented:
Switch show int trunk:

bradhomesw#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-5,100

Port        Vlans allowed and active in management domain
Gi0/1       1-4,100

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1-4,100
0
Joey YungSenior Network EngineerCommented:
Try to add the native vlan 1 on the asa e0/2. As I remember it is not the default config on asa switchport.

"switchport trunk native vlan 1"
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bradley BishopAssociate Product DeveloperAuthor Commented:
That did it! Thank you so much! So close haha
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.