Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1713
Views
0
Helpful
1
Replies

FTD 1010 switch port Trunk not working

NikolayKostov88625
Level 1
Level 1

‎03-18-2021 09:04 AM - edited ‎03-18-2021 10:33 AM

I have the following issue with my new FTD 1010 running 6.7 coming in to replace an old ASA 5505.
I have the following config on the ASA:

.....
interface Ethernet0/5
switchport trunk allowed vlan 2-3
switchport trunk native vlan 2
switchport mode trunk
!
interface Ethernet0/6
switchport access vlan 2
!
interface Ethernet0/7
switchport access vlan 2
shutdown
!
interface Vlan1
mac-address e48d.8cab.ed68
nameif outside
security-level 0
ip address ******** 255.255.255.0
!
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
nameif wifi2
security-level 50
ip address 192.168.100.1 255.255.255.0

....

On the FTD I have replicated the exact same config, but for the Outisde ofcourse I have routed interface as I needed to mage the FTD with FMC.

.....
!
interface Vlan2
nameif vlan2
security-level 0
ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
nameif vlan3
security-level 0
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet1/1
no switchport
nameif outside-garaj
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address ********** 255.255.255.0
!
.....
!
interface Ethernet1/4
switchport
switchport access vlan 2
!
interface Ethernet1/5
description test
switchport
switchport trunk allowed vlan 2-3
switchport trunk native vlan 2
switchport mode trunk


Now the funny part comes here. I have AP with two SSIDs that have the vlan 2 as nateive for the one and vlan 3 for the second SSID.

With the ASA it works perfectly fine.
Whe I try the ping from the Vlan3 network to the FTD 192.168.100.1 there is no ping neither anything captured on the Pcap.
Same as being on the vlan 2 SSID and having IP from that subnet pinging the GW (FTD) 192.168.1.1 no ping.
Not to mention that there is no ping between both of them.
I had a feeling that it could be as of issue with a trunk not being active so i have included a switch with trunk port, but even then it does not work.

Any ideas why the trunk on the FTD 1010 in switchport mode would not be working as expected?

3 people had this problem
0 Helpful
1 Reply 1

allenh
Level 1
Level 1

‎07-04-2023 08:29 AM

@NikolayKostov88625, were you able to resolve this issue? 

Thanks,

AH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card