06-05-2014 02:09 AM - edited 03-11-2019 09:17 PM
Maybe it's because it's so late, but I'm confused. I've got an out of the box ASA 5520 with just a basic config on it - the default mostly, except the Gi0/0 and 0/1 ports are not in shutdown mode. I've got connection lights, and both the ASA and the switch it's connected to show the links as being up, but I just can't communicate with it. I can connect to the management port and get into the ASDM. It is configured for Gi0/1 as the Inside, and it has an IP address assigned. The switch sees the MAC address of the inside interface briefly when the ASA first boots up, but then it ages out and won't show again. I'm not even worried about the outside connection yet - I haven't assigned an address to it yet as I wanted to just get it hooked up on the inside and start configuring from there. Any ideas? I'm at a loss at the moment.
06-05-2014 03:35 AM
Out of curiosity, is this a layer 2 or layer 3 switch? My guess is that the switch does not have a configured IP that it can source the ping from. It needs an IP within the range that is configured on the ASA. Have you tried to configure another port in VLAN10 and connect a PC to it and ping from it?
--
Please remember to select a correct answer and rate helpful posts
06-05-2014 03:39 AM
The switch itself is layer 2. Layer 3 stuff is done further upstream. That has an IP on the same VLAN and I can see MAC addresses on the VLAN coming from the upstream switch.
06-05-2014 03:47 AM
From your post it looks like you are trying to ping the ASA from the switch...this will not work as it does not have an IP within the subnet that is configured on the ASA. Configure an interface in VLAN 255 on the switch, connect a PC to the port and configure that PC with an IP 10.255.255.2 255.255.255.0, for example. Then try to ping the ASA from the PC.
--
Please remember to select a correct answer and rate helpful posts
06-05-2014 04:02 AM
I tried from the L3 switch that has an IP address on that subnet, but it didn't work either. I will try with a PC in the local switch, but it should have worked from the L3 switch. All the links between the switches are trunks and have the VLAN allowed.
Edit: Ok, I just tried the workstation thing. I can put a workstation on the same switch in the same VLAN/Subnet and can ping the inside interface of the router, but can't ping the core switch that's doing all the layer 3 routing. So it seems the problem is between the switches someplace.
06-05-2014 04:05 AM
It is most probable that one of the trunks between the layer 2 switch and the core switch is not configured to carry VLAN 255.
--
Please remember to select a correct answer and rate helpful posts
06-05-2014 04:08 AM
Yep. I just found it between the L3 core switch and the intermediate switch before the one the ASA is connected to. I knew it was something stupid. I just couldn't see it. Thanks for pointing me in the right direction. Time to get some sleep, I think.
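The trunk check that resolved this thread, as an added example that is not part of the original posts: a Python parser for Cisco IOS `show interfaces trunk` output, run against each switch in the path, that reports every trunk port on which a VLAN (here 255) is missing. It goes slightly beyond the allowed list and also checks the active and forwarding tables; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of "show interfaces trunk" output (not taken from the thread).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1
Gi0/2       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       1,10,20-30,100-200

Port        Vlans allowed and active in management domain
Gi0/1       1,10,255
Gi0/2       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,255
Gi0/2       1,10
"""

def expand(vlan_list):
    """Expand a list such as '1,10,20-30' into a set of VLAN IDs."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if not part or part == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_sections(output):
    """Return {table title: {port: set of VLANs}} for the three VLAN tables."""
    sections, current = {}, None
    for line in output.splitlines():
        if re.match(r"Port\s", line):
            title = line[4:].strip()
            # The first table (Mode/Encapsulation) carries no VLAN list; skip it.
            current = sections.setdefault(title, {}) if title.startswith("Vlans") else None
        elif line.strip() and current is not None:
            port, vlans = line.split(None, 1)
            current[port] = expand(vlans)
    return sections

def vlan_gaps(output, vlan):
    """For each trunk port, list the tables in which `vlan` is absent."""
    gaps = {}
    for title, ports in trunk_sections(output).items():
        for port, vlans in ports.items():
            if vlan not in vlans:
                gaps.setdefault(port, []).append(title)
    return gaps

if __name__ == "__main__":
    for port, tables in vlan_gaps(SAMPLE, 255).items():
        print(f"{port}: VLAN 255 missing from: {'; '.join(tables)}")
```

A port that appears only under the second and third tables has the VLAN allowed on the trunk but not created or not forwarding on that switch, which is a different fix from editing the allowed list.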