https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067571#M135167 <P>Marvin</P> <P>Would this have anything to do with the native vlan and using the physical interface on the ASA ?</P> <P>If so to the OP, you can either put the vlan 1 IP address on the physical interface on the ASA or you can change the native vlan to an unused vlan on the trunk ie. on the switch "switchport trunk native vlan &lt;vlan ID&gt;".</P> <P>Jon</P> Mon, 29 May 2017 14:58:44 GMT Jon Marshall 2017-05-29T14:58:44Z https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067569#M135159 <P>Hello Community,</P> <P></P> <P>We have Cisco ASA 5516-X Firepower Threat Defense and connected to Cisco 3850 core switch.&nbsp;</P> <P>I created VLANs on the 3850 switch and create sub-interface on the ASA 5516-X FTD. My DHCP server is the 3850 switch.</P> <P>My issue is VLAN 1 won't work in my setup. I have created other VLANs and work fine. I have VLAN 10 and 11 and works fine, i can get internet connection on these VLAN and can reach each other VLAN. But if a device on the VLAN 1, no internet and cannot reach other VLANs. Cannot also reach the gateway (sub-interface of the ASA 5516-X).</P> <P>What need to check?</P> <P></P> <P></P> Tue, 12 Mar 2019 09:25:50 GMT https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067569#M135159 VCsupport17 2019-03-12T09:25:50Z https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067570#M135164 <P>Here's what I'd start checking:</P> <P>Is the SVI up/up on the switch?</P> <P>Does the switch get an ARP entry for the ASA VLAN 1 subinterface?</P> <P>Does the ASA get an ARP entry for the SVI?</P> <P>Is the trunk from the switch in spanning tree forwarding state for VLAN 1?</P> Mon, 29 May 2017 14:58:43 GMT https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067570#M135164 Marvin Rhoads 2017-05-29T14:58:43Z https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067571#M135167 <P>Marvin</P> <P>Would this have anything to do with the native vlan and using the physical interface on the ASA ?</P> <P>If so to the OP, you can either put the vlan 1 IP address on the physical interface on the ASA or you can change the native vlan to an unused vlan on the trunk ie. on the switch "switchport trunk native vlan &lt;vlan ID&gt;".</P> <P>Jon</P> Mon, 29 May 2017 14:58:44 GMT https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067571#M135167 Jon Marshall 2017-05-29T14:58:44Z https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067572#M135170 <P>Ah good point Jon - I think you may be correct.</P> <P>I don't have one handy to lab it up right now but I do recall that the ASA only accepts tagged traffic when you are using subinterfaces. By default VLAN 1 would be untagged from the switch. I found a thread from 10 years back mentioning this:</P> <P>https://supportforums.cisco.com/discussion/10113801/how-create-trunk-port-asa-5520</P> <P>Your proposed solution makes sense. Setting the native VLAN to anything other than VLAN 1 on the switch side should indicate to it that it must tag VLAN 1 traffic on that trunk.</P> Mon, 29 May 2017 15:35:23 GMT https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067572#M135170 Marvin Rhoads 2017-05-29T15:35:23Z https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067573#M135173 <P>Hi Jon and Marvin,</P> <P></P> <P>Thank you for your helpful responses. Now i made my VLAN 1 working after doing your suggestions.</P> <P>I remove VLAN 1 on the ASA sub-interface and put it on the Physical interface with its IP address and did work! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P></P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/vlan1_0.png" class="migrated-markup-image" /></P> <P></P> <P></P> <P>Thank you for you help.</P> Tue, 30 May 2017 04:51:26 GMT https://community.cisco.com/t5/network-security/issue-on-vlan-1-with-asa-5516-x/m-p/3067573#M135173 VCsupport17 2017-05-30T04:51:26Z