Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
4
Replies

native vlan unreachable

Andriy Sidko
Level 1
Level 1

‎01-12-2011 10:19 AM - edited ‎03-04-2019 11:03 AM

Hi.

I made following schema.

ASA5505 + sec plus license

e0/0 -access VLAN2-> uplink

e0/1 - trunk .1q -> switch

e0/2 - access VLAN9

e0/3 - access VLAN9

e0/4 - access VLAN9

e0/5 - access VLAN9

e0/6 - access VLAN9

e0/7 - access VLAN9

native VLAN was reassigned from 1 to 9

native VLAN for trunk is 9

I configured 7 VLANs with different security levels. Some of them inside, some DMZ.

problem is I'm not able to ping switch with ip 172.19.214.194(VLAN9) from ASA but I can ping device in VLAN-3-1.1only one way I can ping device in vlan 9from ASA if I connect ASA port for example e0/5 to switch ports vlan9 member but some STP issues appears.

Could you help?

Thank you.

Labels:
78561-ASA5505-current-conf.txt.zip
0 Helpful
4 Replies 4

Dan-Ciprian Cicioiu
Level 7
Level 7

‎01-12-2011 10:33 AM

Hi ,

Did you change also the native vlan of the switch port ?

The only port that is connected to the switch is 0/1 ?

Dan

0 Helpful

Andriy Sidko
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎01-12-2011 11:20 AM

yes i changed switch native vlan.

This is Enterasys C3 switch.

trunk from ASA e0/1 connected to port ge.1.48

set vlan egress 9 ge.1.48 untagged
set vlan egress 9 ge.1.47 untagged
set host vlan 9

another ASA port e 0/5 (vlan9) connected to switch port ge.1.47 (vlan9)

native vlan reassigned at the switch too (underlined)

if I disconnect link ASA e0/5 switch ge.1.47 I can not ping each other. ASA<->Enterasys switch.

spantree is disabled ast both ports:

set spantree portadmin  ge.1.47 disable
set spantree portadmin  ge.1.48 disable

Thank you.

0 Helpful

Dan-Ciprian Cicioiu
Level 7
Level 7
In response to Andriy Sidko

‎01-12-2011 11:54 AM

Hi ,

Have you checked the MAC address of the ASA's vlan9 on the switch ? Is it on ge.1.47 is it on ge.1.48 ?

Also on ASA : show switch mac-address-table ,can you see the MAC address of the SVI of the switch ?

Dan

0 Helpful

Andriy Sidko
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎01-13-2011 10:01 AM

ASA mac (c84c.75f4.1e12)

Enterasys (001f.4579.1da0)

enterasys

CAQCMT-TD-SW01(su)->show mac address c8-4c-75-f4-1e-12

MAC Address       FID  Port          Type

----------------- ---- ------------- --------

C8-4C-75-F4-1E-12 1    ge.1.48       Learned

C8-4C-75-F4-1E-12 3    ge.1.48       Learned

C8-4C-75-F4-1E-12 4    ge.1.48       Learned

C8-4C-75-F4-1E-12 5    ge.1.48       Learned

C8-4C-75-F4-1E-12 9    ge.1.47       Learned

CAQCMT-TD-SW01(su)->

ASA

CAQCMT-TD-FW01# sh switch mac-address-table
Legend: Age - entry expiration time in seconds

   Mac Address  | VLAN |       Type       | Age | Port
-------------------------------------------------------

----------omitted for briefly.---------------

001f.4579.1da0 | 0009 |     dynamic      | 287 | Et0/5
----------omitted for briefly.---------------

Total Entries: 79

CAQCMT-TD-FW01#

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card