jgrammer42
asked on
2960 not recognizing subinterface configuration of 5510
I can NOT get my Cisco 2960 switch to respond to my Cisco 5510 ASA if I configure the 5510 using subinterfaces. It works just fine when I set the IP address to the physical interface on the 5510. But if I subinterface and give it a VLAN ID the 2960 is NOT able to ping that 5510 any longer.
I have done this time and time again using a 3650 Catalyst switch so this is my first time doing it with a 2960. What am I missing in my configuration below?
In fact the Cisco 2960 will not even ping its OWN VLAN IP address.
The IP address of the Cisco 2960 is : 10.100.50.11 255.255.255.0
The IP address of the Cisco 5510 is: 10.100.50.10 255.255.255.0
Here is all of the configuration and the ping test results.
**** Cisco 2960 Info ****
interface FastEthernet0/1
description This port is for segmented VLAN
switchport access vlan 50
switchport trunk native vlan 50
switchport trunk allowed vlan 50
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
interface Vlan50
description This is the VLAN
ip address 10.100.50.11 255.255.255.0
**** Ping test ****
CISCO-2960-D1(config-if)#do ping 10.100.50.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.50.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO-2960-D1(config-if)#
CISCO-2960-D1(config-if)#do ping 10.100.50.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.50.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO-2960-D1(config-if)#
**** Interface status *****
CISCO-2960-D1(config-if)#do sh int fast0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0042.5a48.dc01 (bia 0042.5a48.dc01)
Description: This port is for VLAN
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 4d20h, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
262589 packets input, 37966274 bytes, 0 no buffer
Received 49516 broadcasts (25319 multicasts)
46957 runts, 0 giants, 0 throttles
46957 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 25319 multicast, 0 pause input
0 input packets with dribble condition detected
379994 packets output, 74472357 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
**** ASA 5510 Info ****
interface Ethernet0/3
description Used for subinterfaced networks
speed 100
duplex full
nameif sub_networks
security-level 50
no ip address
!
interface Ethernet0/3.50
vlan 50
nameif VLANTEST
security-level 50
ip address 10.100.50.10 255.255.255.0
!
**** Interface status ****
Interface Ethernet0/3.50 "VLANTEST", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
VLAN identifier 50
Description: VLAN Tests
MAC address 001f.ca97.3ab7, MTU 1500
IP address 10.100.50.10, subnet mask 255.255.255.0
Traffic Statistics for "VLANTEST":
0 packets input, 0 bytes
16 packets output, 448 bytes
0 packets dropped
**** Ping Test ****
CISCO-Regional-ASA# ping 10.100.50.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.50.11, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
Thank you for any help in advance,
Jeff
ASKER
Predrag,
I made that change on the 2960 interface.
But that made no difference. The 2960 still will not ping the ASA nor even itself.
The 2960 port now is configured as this:
interface FastEthernet0/1
switchport trunk allowed vlan 50
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
!
CISCO-2960-D1(config-if)#do ping 10.100.50.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.50.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO-2960-D1(config-if)#
CISCO-2960-D1(config-if)#do ping 10.100.50.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.50.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO-2960-D1(config-if)#
BTW, yes, I DO have a VLAN 1 configured, and it is working just fine on the other ports.
**** other 2960 switch configuration *****
interface FastEthernet0/48
switchport trunk allowed vlan 1
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport trunk allowed vlan 1
switchport mode trunk
switchport nonegotiate
!
interface Vlan1
ip address 172.21.2.1 255.255.0.0
no ip route-cache
nor even itself?
The 2960 is by default an L2 device...
Check
sh ip int brief
Is the interface in up/up state?
The switch will ping from the lowest interface address (or the only active interface VLAN).
Additionally, you need to configure a default gateway if you want to ping out of the switch management range.
If ip routing is configured, you need to configure static routes.
ASKER
Predrag,
The interface is showing "up" but not the VLAN. Which is, I think, my problem. But why is the VLAN down?
sh ip int bri
Interface IP-Address OK? Method Status Protocol
Vlan1 172.21.2.1 YES manual up up
Vlan50 10.100.50.11 YES manual down down
FastEthernet0/1 unassigned YES unset up up
Thank you,
ASKER
Predrag,
I suppose that is what is really confusing me. I have a 3560 Catalyst that is running LANBASE of the IOS and when I execute 'sh ip int brief' on it, it shows all of my VLANs as active.
Now, when I do a 'show version' on the 2960, it is showing the software image as 'C2960-LANLITEK9-M'. Is that the reason I cannot have both VLANs active?
Actually, you can shut down interface Vlan 1; that will make interface Vlan 50 the active interface. So, you should be able to test VLAN 50 connectivity without hosts.
ASKER
Predrag, thank you for the clarification. That does help me understand. I did not realize that there was that much difference in the IOS versions, as I thought multiple VLANs were a BASIC function of all Catalyst switches.
I am very comfortable with the ASA...I was just unsure why what I was doing with 3560 Catalyst switches was not able to work using 2960's. Now that makes sense.
ASKER
Thank you very much for the clarification. It was very helpful.
You're welcome.
Interface Ethernet0/3.50 "VLANTEST", is up, line protocol is up
This should mean that the interface expects frames tagged with VLAN 50.
The 2960 side has VLAN 50 configured as native (no tag).
Issue:
interface FastEthernet0/1
no switchport access vlan 50
switchport trunk native vlan 1
To configure an untagged port on the ASA, the command should be:
switchport access vlan 50
Additionally, the number of VLANs that you can create on the ASA depends on the license type.
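
The native-VLAN mismatch described in the answer above, as an added example that is not part of the original thread: a small Python check that compares a switch trunk stanza with the ASA subinterface stanzas and flags any VLAN the switch would send untagged while the ASA expects an 802.1Q tag. The function names are hypothetical, and the embedded sample configs are the stanzas from the question with indentation added.

```python
import re

# Sample input: stanzas taken from the question on this page (indentation added).
SWITCH_CFG = """\
interface FastEthernet0/1
 switchport access vlan 50
 switchport trunk native vlan 50
 switchport trunk allowed vlan 50
 switchport mode trunk
"""
ASA_CFG = """\
interface Ethernet0/3
 no ip address
!
interface Ethernet0/3.50
 vlan 50
 ip address 10.100.50.10 255.255.255.0
"""

def expand(spec):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def switch_trunk(cfg):
    """Return (native_vlan, allowed_vlans) for one trunk port stanza."""
    native = re.search(r"switchport trunk native vlan (\d+)", cfg)
    allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", cfg)
    native_vlan = int(native.group(1)) if native else 1  # IOS default native VLAN
    allowed_vlans = expand(allowed.group(1)) if allowed else set(range(1, 4095))
    return native_vlan, allowed_vlans

def asa_tagged_vlans(cfg):
    """VLAN IDs the ASA expects 802.1Q-tagged (one 'vlan N' per subinterface)."""
    return {int(v) for v in re.findall(r"^\s*vlan (\d+)\s*$", cfg, re.M)}

def check(switch_cfg, asa_cfg):
    """List tagging problems between the trunk port and the ASA subinterfaces."""
    native, allowed = switch_trunk(switch_cfg)
    findings = []
    for vlan in sorted(asa_tagged_vlans(asa_cfg)):
        if vlan not in allowed:
            findings.append(f"VLAN {vlan}: not in trunk allowed list")
        elif vlan == native:
            findings.append(f"VLAN {vlan}: switch sends it untagged (native), ASA subinterface expects a tag")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SWITCH_CFG, ASA_CFG)) or "tagging is consistent")
```

With the trunk stanza the asker posted after removing the native VLAN line, `check` returns no findings, which matches the thread: tagging was then consistent and the remaining symptom was the Vlan50 interface being down.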