cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
377
Views
0
Helpful
6
Replies

ASA sub-interfaces problem

ece344609_2
Level 1
Level 1

When configuring a CatOS switch to work with the ASA sub-interfaces, are these the right commands? Thanks much.

clear trunk 2/28 1-91,94-1005,1025-4094

set trunk 2/28 on dot1q 92-93

1 Accepted Solution

Accepted Solutions

Okay, your trunk has a native vlan of 92 which means the packets sent for this vlan will not be tagged.

I don't have an ASA to test with but it may be that the ASA is expecting a tagged packet on vlan 92. So you could try changing the native vlan on the trunk link to something other than vlan 92 - the native vlan shouldn't be used to carry data traffic again.

Are your ASA subinteraces up ?

Jon

View solution in original post

6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

Yes assuming that what you are trying to achieve on the CatOS switch is to have a trunk connected to the ASA that only allows vlan 92 and 93.

Jon

Thanks Jon.

That is the intention but I cannot get a host on VLAN 92 to ping the sub-interface I created on the firewall.

I have attached my test config.

Can you post output of "sh trunk" from the switch.

Jon

Jon,

Your help is much appreciated.

It is attached.

Okay, your trunk has a native vlan of 92 which means the packets sent for this vlan will not be tagged.

I don't have an ASA to test with but it may be that the ASA is expecting a tagged packet on vlan 92. So you could try changing the native vlan on the trunk link to something other than vlan 92 - the native vlan shouldn't be used to carry data traffic again.

Are your ASA subinteraces up ?

Jon

Jon,

The issue was the VLAN tagging. I changed that to another VLAN and it works!!

Thanks again and sorry I could not get back to you before.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: