
ASA 5506-X trunk port - but not reachable

Maurizio Caloro
Level 1

Hello
I defined a subinterface on port Gi1/8.10 (VLAN 10) and created a trunk on the switch side.
But when I connect any client to Gi0/4, it can't ping the FW at 192.168.10.1.

Thanks for any update.


ASA5506-x
---------
interface GigabitEthernet1/1
desc ** WAN **
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
bridge-group 1
nameif inside_2
security-level 100
!
interface GigabitEthernet1/5
Desc ** ESXi **
bridge-group 1
nameif inside_4
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
Desc ** ESXi **
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
Desc ** Switch **
bridge-group 1
nameif inside_7
security-level 100
!
interface GigabitEthernet1/8.10
description ** WIFI **
vlan 10
nameif vlan10
security-level 80
ip address 192.168.10.1 255.255.255.0
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!


Switch
------
int Gi0/10
description ** to ASA-5506-X **
switchport trunk encapsulation dot1q
switchport mode trunk
udld port aggressive
spanning-tree portfast
!
int Gi0/4
description ** Wifi **
switchport access vlan 10
switchport mode access
spanning-tree portfast
!

Port        Mode         Encapsulation  Status        Native vlan
Gi0/10      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/10      1, 10

2 Replies

The setup below is a bit confusing to me. A BVI is usually used for a firewall in transparent mode (just a note).

Then, I see different security levels for the interface and subinterface, not sure why. Lastly, the firewall does not always reply to ping, and this is not actually a problem but can be for security.

Make sure you are not testing something that can't give you the result you want.

If you explain your setup better and maybe share a topology, it would be easier to get help.

 

 

!
interface GigabitEthernet1/8
Desc ** Switch **
bridge-group 1
nameif inside_7
security-level 100
!
interface GigabitEthernet1/8.10
description ** WIFI **
vlan 10
nameif vlan10
security-level 80
ip address 192.168.10.1 255.255.255.0
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!

 

jamesduv9
Level 1

At first glance it seems you have udld port aggressive configured on the switch's trunked interface facing the ASA, but UDLD is not configured on the ASA side. I would suggest removing the UDLD configuration, or matching the config on the ASA.
