No, that's not a stupid question because that was the 1st thing i checked!

and i did enable the port.  LOL

here's the config:

K , Do few things :-

1> Try using a cross over cable , I know auto mdix is enabled on asa but verify is the device on the other end auto mdix enabled ( LAYER 1 )

2> Verify the configuration and port setting of attached device ( switch) for Vlan in database , trunk enabled ( dot1q ) , vlan is allowed over the trunk , port auto setting.  ( Layer 2 ).

3> Post

    a> sh int eth 0/2 or 0/2.1

    b> sh int ip brief

As far as ASA 5510 , the base license supports upto 50 vlans and all you need is the subinterface configuration. I would double verify the configuration on the attached switch.

Manish

yeah, i thought of the cable as well...swapped out the cables.

is there a VLAN db in an ASA?  How do i tel if trunking is enabled?

when i plug in the L2 switch, the activity and link lights come on BUT from the ASA i cannot ping the PCs connected to the swtich.  nor do i see said PCs when i do a "sh arp" in the ASA.

i forgot to answer the rest of your questions....

yes, the ASA can ping the subinterface. and the port shows up, up.

there isn't any config on the switch, it's just a L2 device.  i've even connected a PC straight into the ASA with the same results.

Which switch is this, is it s cisco switch. The one thing that i would check is which lan the port belongs to. If its a vlan by default, the ASA interface 2.1 is configured for Vlan7. I would try statically configured the port to Vlan 7 and see if it changes any thing.

This could be the reason why PC connected to the ASA port is not able to ping because ASA is sending the tagged packet with VLAN 7 and expecting a VLAN 7 tagged packet.

Cheers,

-amit singh

it is just a 3Com L2 switch.  i can but in an IP address but i shouldn't have to.

i've attached a quick drawing of what i have going.

As I mentioned in the earlier post and as pointed out by Manish, You have to configure the trunk port on the switch connecting to ASA or atleast have that port configured in VLAN7 in order this to work. ASA is expecting 802.1q tagged packet from the switch and its not receving any as there is no configuration done on switch and everything is in default vlan is its supports vlan and dot1q trunking. Its not gonna work unless the trunk is configured between ASA and Switch or everything defaults to vlan 1. Else easier wuld be to configure the ASA port as L3 port withput trunking and connect it to the switch, have all the PC's use ASA as default gateway and you are good to go.

Cheers,

-amit singh

You Do not have create a Vlan db on ASA , but you will have to configure a VLAN db on the switch as

well as enable trunking on the switch port that is connecting to the ASA.The ASA with sub interface configuration expects to see a dot1q trunk.

so , you need configuration for a dot1q trunk with vlan db on the switch + need ports on that switch in vlan access 7 for pc connected to it.

I hope i am making sense here.

Manish

I'm following you i do it all the time with Cisco SWs.  but this one is just a stupid SW. all it's doing is breaking up the link so that i can get acouple PCs on that link.

during this journey i've by-passed the SW and plugged a PC straight into the ASA with no luck.  the PC had the correct IP, etc.

well that fixed the problem.  i had all of the ports as "untagged" and as soon as i config-ed the uplink port to "tagged" i was able to see the ASA, etc.

now i just need to get the traffic natted and out to the Inet.

Any thoughts on that?