12-13-2010 03:51 PM - edited 03-06-2019 02:30 PM
I currently have a 3750 connected to my ASA 5520 on the "inside" interface. I would like to introduce 2 subinterfaces on the ASA "inside" interface and trunk the switchport. I believe I have done this, but I am not able to ping from the ASA to a client computer on a new vlan off a downstream switch. Here is what I have. ASA interface is 192.168.52.1 --> Cisco 3750 is 192.168.52.248 --> Cisco 2960 is 192.168.52.249 --> Cisco 2950 is 192.168.52.250. I created the VLANs with 192.168.20.1(VLAN20) and 192.168.30.1(VLAN30), these are showing up on all three switches and I am able to PING between all switches. I cannot get outside to the internet, and also I cannot ping the subinterface IPs that I created on the ASA (192.168.20.1 and 192.168.30.1).
I trunked the switchport that goes up to the ASA, but the configuration is as follows:
interface GigabitEthernet1/0/2
switchport access vlan 3
switchport trunk encapsulation dot1q
switchport mode access
spanning-tree portfast
I believe my problem is with a misconfiguration on the Gig 1/0/2 interface. Please confirm what my configuration would have to be in order to maintain the original traffic, and introduce the new networks (192.168.20.X and 192.168.30.X). What do I have wrong here?
The help from the community is appreciated!!
JG
12-13-2010 04:22 PM
Your switch port is not trunked.
Configure the 3750 as follows and try again:
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,30
switchport mode trunk
end
C3750-E(config-if)#
HTH
Reza
12-13-2010 04:29 PM
Perfect, thanks for the reply.
Will this still allow the native (not sure how to reference it) or VLAN3 (192.168.52.X) traffic to continue to pass? The new networks are intended to be my "test" environments, while the production network is actually on that interface as 192.168.52.1 currently. I was reading about the "nameif" command and got a little confused.
I knew something looked strange about that configuration
Thanks Reza,
JG
12-13-2010 04:35 PM
If you want to use vlan 3 as native vlan, you can add it to the config. See below:
Current configuration : 168 bytes
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 3
switchport trunk allowed vlan 20,30
switchport mode trunk
end
C3750-E(config-if)#
12-13-2010 04:57 PM
If I run the commands in the following manner, will I have any network downtime or outage? I'd like to do this ASAP....
conf t
int gig1/0/2
switchport trunk native vlan 3
switchport mode trunk
switchport trunk allowed vlan 20,30
wr mem
Just curious if I have all the commands in order to complete this.
The above should take my current config of:
interface GigabitEthernet1/0/2
switchport access vlan 3
switchport trunk encapsulation dot1q
switchport mode access
spanning-tree portfast
To:
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 3
switchport trunk allowed vlan 20,30
switchport mode trunk
Correct?
JG
12-13-2010 05:16 PM
I would do it during an outage window. That will also give you some time to test it to make sure everything is working.
12-13-2010 06:46 PM
I agree, but there is ALWAYS someone "in the office" around here!
Thanks for your time and input. I'll post my results in hopes it can help someone else with a similar configuration issue.
JG
12-14-2010 09:38 AM
Just to follow up, the configuration that Reza recommended worked perfectly. I now am able to see all traffic between the firewall and the switches.
Thank you for your time Reza!
JG
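An added example, not part of the thread or any poster's code: a small Python check that reads an interface stanza like the ones posted above and reports how each VLAN would leave the port (tagged, untagged, or not at all). It assumes a port without a `switchport mode` line behaves as an access port and that the allowed list also filters the native VLAN; `expand_vlans`, `audit_port` and the third sample stanza are constructed for illustration.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '20,30' or '10-12,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_port(stanza, required):
    """Return {vlan: 'tagged' | 'untagged' | 'not carried'} for one interface stanza."""
    mode, access, native, allowed = "access", 1, 1, set(range(1, 4095))
    for line in stanza.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            mode = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            access = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
            allowed = expand_vlans(m.group(1))
    result = {}
    for vlan in required:
        if mode == "access":
            # Trunk settings are ignored while the port is in access mode.
            result[vlan] = "untagged" if vlan == access else "not carried"
        elif vlan not in allowed:
            # Assumption: the allowed list filters the native VLAN as well.
            result[vlan] = "not carried"
        else:
            result[vlan] = "untagged" if vlan == native else "tagged"
    return result

# Stanzas copied from the thread (interface line omitted).
BEFORE = """switchport access vlan 3
switchport trunk encapsulation dot1q
switchport mode access
spanning-tree portfast"""
AFTER = """switchport trunk encapsulation dot1q
switchport trunk native vlan 3
switchport trunk allowed vlan 20,30
switchport mode trunk"""
# Constructed variant: the native VLAN is added to the allowed list.
NATIVE_ALLOWED = AFTER.replace("vlan 20,30", "vlan 3,20,30")
```

Calling `audit_port(stanza, [3, 20, 30])` on each stanza shows which of the production and test VLANs the uplink to the ASA would carry before the change is applied.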