Change IP Address on ASA

david krupa
Level 1

If I wanted to change the IP Address of my ASA how would I configure the switchport that it connects to? Right now the port is configured:

interface GigabitEthernet0/24
 description **Cisco ASA**
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1
 switchport mode trunk
 spanning-tree portfast

The current IP Address is 192.168.X.X which is VLAN 1

I want to change the IP Address to 10.10.X.X which is a vlan 10.

How would I configure the port to make this work?

Thanks..

11 Replies

johnlloyd_13
Level 9

Hi David,

Just add this line under interface g0/24:

Switch(config-if)#switchport trunk allowed vlan add 10

Once everything's working, just replace the keyword "remove" using the same command in order to remove VLAN 1.

ALIAOF_
Level 6

You might want to remove this "switchport access vlan 10". 

It is clear in the original post that he wants to change the address used by the ASA. And it is clear that the current address is in vlan 1 and that the new address will be in vlan 10. It is pretty obvious that the ASA is currently processing untagged frames sent in the native vlan of vlan 1.

I think that there may be an issue with just changing the address on the ASA and adding vlan 10 to the trunk. The result of this would be that the frames in vlan 10 will be tagged. It is not clear from the original post whether he intends to change the configuration of the ASA so that it is looking for frames tagged in vlan 10 or whether the ASA will continue to process untagged frames. And in that case it would be necessary to make vlan 10 become the native vlan on the trunk of the switch.

HTH

Rick

How would I go about changing the native vlan of the trunk on the switch?

You have not identified the model of switch so we are not sure about syntax. But it should be this or something pretty similar:

switchport trunk native vlan 5

HTH

Rick

Thank you, the switch model is Catalyst 3560-X

Post your ASA interface config...

Jawad

John Blakley
VIP Alumni

Hi David,

interface GigabitEthernet0/24
 description **Cisco ASA**
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1
 switchport mode trunk
 spanning-tree portfast

Your current switchport is configured as a trunk port and the ASA probably isn't tagging packets (unless you have subinterfaces configured). You would need to change your mode to an access port for "switchport access vlan 10" to be in effect. You should be able to change your address on whatever interface connects to this switchport in the 10.10.x.x range, but you'll need to make the other changes to the switchport in order for it to work.

As a side note, it would be beneficial to see how your interfaces are configured now. If you in fact do have subinterfaces, you'll need to have the port stay in trunk mode in order to support the other vlans. Then you'd need to change your native vlan like Rick stated above.

HTH,

John

*** Please rate all useful posts ***

Here is the config on ports. Port Gi0/23 is going to the ASA, and Port Gi1/1 is going to our HP chassis switch which is where all the other switches connect to.

interface GigabitEthernet0/1
 description *** User with IP Phone and PC ***
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 67
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description UserAccess | UserAccess
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/4
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/5
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/6
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/7
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/8
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/9
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/10
 description 1000BaseT to dsac-2951-seattle Gi0/1
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,67
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
 channel-group 1 mode on
!
interface GigabitEthernet0/11
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/12
 description ***UPLINK to PIX/COMCAST***
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/13
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/14
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/15
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/16
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/17
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/18
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/19
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/20
 description 1000BaseT to dsac-2951-seattle Gi0/2
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,67
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
 channel-group 1 mode on
!
interface GigabitEthernet0/21
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/22
 switchport access vlan 10
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
 spanning-tree portfast
!
interface GigabitEthernet0/23
 description ***Cisco ASA***
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/24
 description ***UPLINK to CEN Temp***
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet1/1
 description UPLINK to HPCoreBladeSW
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
!
interface GigabitEthernet1/2
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
!
interface GigabitEthernet1/3
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
!
interface GigabitEthernet1/4
 description UPLINK to Perimeter
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos trust
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip pim sparse-dense-mode
!
interface Vlan2
 ip address 10.2.0.1 255.255.0.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
 ip policy route-map 2
!
interface Vlan3
 ip address 10.3.0.1 255.255.0.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan4
 ip address 10.4.0.1 255.255.0.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
 ip policy route-map 1
!
interface Vlan5
 ip address 10.5.0.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
 ip policy route-map 3
!
interface Vlan6
 ip address 10.6.0.1 255.255.255.0
 ip helper-address 10.20.0.10
 ip pim sparse-dense-mode
!
interface Vlan7
 ip address 10.7.0.1 255.255.255.0
 ip helper-address 192.168.1.5
 ip helper-address 10.20.0.10
 ip pim sparse-dense-mode
!
interface Vlan8
 ip address 10.8.0.1 255.255.255.0
 ip access-group nointernet in
 ip helper-address 192.168.1.5
 ip helper-address 10.20.0.10
 ip pim sparse-dense-mode
!
interface Vlan9
 ip address 10.9.0.1 255.255.255.0
 ip helper-address 10.20.0.10
 ip pim sparse-dense-mode
!
interface Vlan10
 ip address 10.10.0.1 255.255.0.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan11
 ip address 10.11.0.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan12
 ip address 10.12.0.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan15
 ip address 10.15.0.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
 ip pim sparse-dense-mode
!
interface Vlan67
 ip address 10.67.0.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip pim sparse-dense-mode
!
interface Vlan68
 description bb-voice
 ip address 10.67.1.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan69
 ip address 10.67.2.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan70
 ip address 10.67.3.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan71
 ip address 10.67.4.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan72
 ip address 10.67.5.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan73
 ip address 10.67.6.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan74
 ip address 10.67.7.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan75
 ip address 10.67.8.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan76
 ip address 10.67.9.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan77
 ip address 10.67.10.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan78
 ip address 10.67.11.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
interface Vlan79
 ip address 10.67.12.1 255.255.255.0
 ip helper-address 192.168.1.23
 ip helper-address 192.168.1.19
 ip pim sparse-dense-mode
!
ip default-gateway 192.168.1.2

Thanks for posting the config. However, it probably raises more questions than it answers.

My first observation is that the switch port connecting to the ASA is configured as a trunk port. But the only vlan allowed is vlan 1. So why is it configured as a trunk? The only frames going over this connection would be the same if it were configured as an access port in vlan 1.

My first suggestion is that if you make the switch interface connecting to the ASA into an access port in vlan 10 then traffic will flow (after you change the IP address of the interface on the ASA).

My second suggestion is that you could modify the switch configuration to allow vlan 10 on the trunk connecting to the ASA and could make the native vlan into vlan 10. Then you should have connectivity to the ASA.

I also observe that I see three vlans present on the switch (vlans 1, 10, and 67). But there are multiple interface vlan configured on the switch. How do vlans 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 15, 20, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, and 79 function on this switch?

HTH

Rick
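
The behaviour discussed in the replies above (a port in trunk mode does not use its "switchport access vlan" line, untagged frames belong to the native VLAN, and a trunk that allows only its native VLAN passes the same frames as an access port) can be checked offline before changing the switch. This is an added example, not part of any poster's reply: the function names expand, apply and effective and the default port state are assumptions, and it models only the switchport commands quoted in this thread.

```python
import re

# The ASA-facing port's switchport lines as posted in the thread (Gi0/23).
ASA_PORT = ["switchport access vlan 10", "switchport trunk encapsulation dot1q",
            "switchport trunk allowed vlan 1", "switchport mode trunk"]

def expand(spec):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def apply(lines, port=None):
    """Apply switchport commands in order to a copy of one port's state."""
    # Assumption: an unconfigured port is an access port in VLAN 1, native VLAN 1.
    port = dict(port or {"mode": "access", "access": 1, "native": 1,
                         "allowed": set(range(1, 4095))})
    for line in map(str.strip, lines):
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            port["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add |remove )?([\d,-]+)", line):
            op, vlans = m.group(1), expand(m.group(2))
            port["allowed"] = (port["allowed"] | vlans if op == "add " else
                               port["allowed"] - vlans if op == "remove " else vlans)
    return port

def effective(port):
    """Return (untagged VLAN or None, tagged VLANs, notes) for a port state."""
    if port["mode"] == "access":
        return port["access"], [], []
    # Untagged frames ride the native VLAN, and only if the trunk allows that VLAN.
    untagged = port["native"] if port["native"] in port["allowed"] else None
    tagged = sorted(port["allowed"] - {port["native"]})
    notes = [f"access vlan {port['access']} is unused in trunk mode"] if port["access"] != 1 else []
    if not tagged:
        notes.append("no tagged VLANs: same frames as an access port in the native VLAN")
    return untagged, tagged, notes

if __name__ == "__main__":
    base = apply(ASA_PORT)
    for step in ([], ["switchport trunk allowed vlan add 10"],
                 ["switchport trunk allowed vlan add 10", "switchport trunk native vlan 10"],
                 ["switchport mode access"]):
        print(step or "as posted", "->", effective(apply(step, base)))
```

Run as a script it prints the untagged VLAN, the tagged VLANs and any notes for the port as posted and after each change proposed in the replies, so the tagged-versus-untagged question can be compared against how the ASA interface is configured.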

interface GigabitEthernet0/23
 description ***Cisco ASA***
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1
 switchport mode trunk
 spanning-tree portfast

Make it simple: you don't have to allow all VLANs, just allow the VLAN that is required. Don't make it a trunk; if you want to allow multiple VLANs, then a trunk is needed.

interface GigabitEthernet0/23
 description ***Cisco ASA***
 no switchport access vlan 10
 no switchport trunk encapsulation dot1q
 no switchport trunk allowed vlan 1
 no switchport mode trunk
 spanning-tree portfast

After this:

 switchport mode access
 switchport access vlan 10 (whatever VLAN you want to communicate with)

Jawad
