Hi Karsten,Configure the

Sheraz_35 · ‎10-16-2015

I have access to an ASA 5505 over a VPN, it is connected to a switch, the port on the switch that is connected to the ASA is an access port, I made it into a trunk and got kicked off as expected, so on the firewall I made the port that connects to the switch into a trunk also, but I am guessing it didn't establish because I could not get back into the switch and had to get a colleague to move the cable on the switch back into an access port.

The question is, is there any way I can set up a trunk from the ASA 5505 side so I don't lose access to the switch if a trunk doesn't establish? i.e Force the ASA 5505 to tell the switch to establish a trunk? I need to do it from the ASA because if it does not establish I won't lose access because I can access the outside interface of the ASA all ways. Where as if I set the port on the switch to a trunk I get kicked off if it does not establish. And can't get back into the switch to see what is going on.

Thanks

Karsten Iwen · ‎10-17-2015

Can you accept some downtime? Then do a "reload in 10" before configuring the port. If it doesn't work for whatever reason, the ASA will reboot and have the old working config.

To not get kicked out you have to configure the Ethernet-interface first with a native vlan that is identical to the access-vlan. Then you can switch to trunk-mode. As the native vlan is used without tagging, the connected access-switchport should still be reachable.

Sheraz_35 · ‎10-19-2015

Hi Karsten,

Configure the native vlan on the ASA or the switch? Thanks for your reply.

How to force link between ASA and Switch into trunking mode from the ASA CLI