Problem connecting to Level3 DIA

Sean Kim · ‎07-08-2012

I have trouble connecting a Level3 DIA (Dedicated Internet Access) to my 3560 switch. It works fine if I connect it directy to the outside interface of my ASA5540. Since I have a single internet handoff I need to connect it to a switch in order to implement a ASA failover configuration.

All I did was assign the same vlan to to ports on the 3560 that are connected to the Internet handoff and the ASA outside interface. There were no errors on the switch but ASA was not able to ping the dfgw anymore. I just want to make sure I did nothing wrong before I bring it up to Level3.

Your assistance is really appreciated.

Sean Kim

skim@empyreanbenefits.com

Giuseppe Larosa · ‎07-09-2012

Hello Sean,

you have to check if the three ports in the new Vlan are all up/up on the L2 LAN switch.

For example you may need a cross over cable when connecting the internet handoff to the lan switch

so the first step is to check the state of the three ports and to see if you learn the MAC addresses on them

show vlan XX

it has to list all three ports

show interface type x/y

has to be up/up for all three ports.

show mac address-table interface type x/y

this has to provide the ASA MAC address on port connected to ASA primary, the defgw MAC address on the port connected to the DIA

show ip arp on the ASA should provide the same entry as when directly connected to the DIA cable

Hope to help

Giuseppe

Sean Kim · ‎07-09-2012

Hi Giuseppe,

Thank you for your input. I went through the same steps several times but still not able to make it work so I thought I'd missed something. I'll do some troubleshooting with Level 3 tomorrow and we'll see how this turns out. I'll keep you posted. Thanks again.

Sean

Sean Kim · ‎07-10-2012

It turned out to be a problem on Level3 side. After they reconfigured the switch port on their side, the problem was fixed.

Thank you,

Sean