Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

246
Views
0
Helpful
5
Replies
Steven Tolzmann
Steven Tolzmann Beginner
Beginner
‎11-18-2014 08:12 PM
‎11-18-2014 08:12 PM

Cisco ASA Trunking Problem

Hello all. I have setup a few trunks before between Cisco ASA5505 and CISCO 1252 access points, with no problem... However this one will not work for some reason, and I have been unable to find out why.. If I put the port into Access Mode, I am able to access the Access Point's Management Interface on the Native Vlan (1), but once I enable Trunking Mode on the port, all communication stops. The goal is to provide a trunk for 2 VLANS running on 2 SSID's.

 

EDIT: I did notice that the "switchport trunk native vlan " command is missing on this ASA5505 (only gives option for switchport trunk allowed), it does seem to appear in other versions. Is there a command I am missing somewhere to make this work?

 

Please help!!!

 

ASA5505:

ASA Version 8.0(2)

Licensed features for this platform:
Maximum Physical Interfaces  : 8
VLANs                        : 20, DMZ Unrestricted
Inside Hosts                 : Unlimited
Failover                     : Active/Standby
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
VPN Peers                    : 25
WebVPN Peers                 : 2
Dual ISPs                    : Enabled
VLAN Trunk Ports             : 8
Advanced Endpoint Assessment : Disabled

This platform has an ASA 5505 Security Plus license.

 

Switching Config:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.9.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxxxxxxxxxxx 255.255.255.248
!
interface Vlan3
 nameif inet
 security-level 50
 ip address 10.10.0.1 255.255.255.0
!

interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
 description TO ACCESS POINT
 switchport trunk allowed vlan 1,3
 switchport mode trunk
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7

 

 

ACCESS POINT CONFIG:

Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JDA3, RELEASE SOFTWARE (fc1)

dot11 ssid INET
   vlan 3
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid Inside
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid Inside-5g
   vlan 1
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxx
!

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption vlan 3 mode ciphers aes-ccm
 !
 broadcast-key change 3600
 !
 !
 ssid INET
 !
 ssid Inside
 !
 mbssid
 channel 2437
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 broadcast-key change 3600
 !
 !
 ssid Inside-5g
 !
 dfs band 3 block
 mbssid
 channel dfs
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 no cdp enable
 bridge-group 3
 no bridge-group 3 source-learning
 bridge-group 3 spanning-disabled
!
interface BVI1
 ip address 192.168.9.254 255.255.255.0
 no ip route-cache
!
interface BVI3
 ip address 10.10.0.254 255.255.255.0
 no ip route-cache

Labels:
0 Helpful
Reply
5 REPLIES 5
Mhon Baul
Mhon Baul Beginner
Beginner
‎11-19-2014 03:22 AM
‎11-19-2014 03:22 AM

Have you tried connecting the

Have you tried connecting the asa trunk port to a cisco switch with a trunk port? I believe your ap connection is directly connected to the firewall. 

 

HTH

Reymon

0 Helpful
Reply
Steven Tolzmann
Steven Tolzmann Beginner
Beginner
‎11-19-2014 07:37 AM
‎11-19-2014 07:37 AM

Hello, Unfortunately I don't

Hello,

 

Unfortunately I don't have a Cisco Switch to connect to at the moment. Is there a command missing on either device?

 

Thanks kindly,

Steve Tolzmann

0 Helpful
Reply
Mhon Baul
Mhon Baul Beginner
Beginner
‎11-19-2014 04:16 PM
‎11-19-2014 04:16 PM

Hi Steve,  Can you do a show

Hi Steve,

 

 Can you do a show ver from your ASA? You should have a "security plus license" in order to configure trunk port on ASA FW.

 

Please rate  if this is helpful.

 

HTH

Reymon

0 Helpful
Reply
Highlighted
Steven Tolzmann
Steven Tolzmann Beginner
Beginner
‎11-19-2014 04:23 PM
‎11-19-2014 04:23 PM

Reymon, I did post the show

Reymon,

 

I did post the show Ver in my original post. This ASA does have the Security+ License, and has 20 Vlans with Trunking Enabled.

The ASA Software version is 8.0 as well.

 

Thanks,

Steve

0 Helpful
Reply
Mhon Baul
Mhon Baul Beginner
Beginner
‎11-19-2014 05:25 PM
‎11-19-2014 05:25 PM

Have you tried removing the

Have you tried removing the native vlan on below config since the ASA FW doesn't support this feature?

 

interface Dot11Radio0.1
 encapsulation dot1Q 1 native

!

interface GigabitEthernet0.1
 encapsulation dot1Q 1 native

 

HTH 

-Reymon

0 Helpful
Reply
Latest Contents
Recent changes in SRIOV VF mapping in NFVIS GUI
Created by gosekar on 12-05-2019 06:59 PM
0
0
0
0
Starting from NFVIS 3.12 versions, the deploy option does not depict all the SR-IOV VFs(Virtual Functions) available in a physical interface. This change is introduced as (i) the number of VFs of ENCS platform on LANs side is increased to 24 and (ii) the... view more
Community Live- Getting to know Cisco SD-WAN
Created by ciscomoderator on 12-05-2019 12:41 PM
0
0
0
0
Community Live- Getting to know Cisco SD-WAN (Live event - formerly known as Webcast-  Wednesday December 11, 2019 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris) This event will have place on Wednesday 11th, December 2019 at 10hrs PDT  Register to... view more
Fixed IP for each location
Created by MuhammadAfnan32526 on 12-05-2019 11:22 AM
1
0
1
0
Hi alli have 40 spots (40 Ethernet cables for computers coming out from switch) and i want each of these spots to have fix IP which means if i swap the computer the IP of certain spot remain the same.example : at spot 30 i have IP address of 192.168.22.40... view more
Cisco DNA Center appliance connected to Cisco Nexus 5K/7K/9K...
Created by Karthik Kumar Thatikonda on 12-04-2019 01:01 PM
0
5
0
5
Symptoms Cisco DNA Center nodes lost network connectivity. Cannot SSH to nodes. Cluster and Enterprise port connected to Cisco Nexus Switches. Diagnosis Cisco DNA Center kernel logs showing hung queue error messages. "sudo cat /var/log/kern.log" Work... view more
Cisco Digital Network Architecture Center Modules (Design M...
Created by Mohamed Alhenawy on 11-28-2019 09:51 AM
0
0
0
0
Cisco Digital Network Architecture Center Modules(Design Module)Wireless Part.In this article, we are going to talk about Cisco Digital Network Architecture Center design Module, Wireless Part.Cisco DNA Center gives us the flexibility and scalability to c... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad