Configuring VLANs

ronin2307
Level 1

Hi,

I am very new to Cisco hardware and VLANs in general. We have a very simple network setup (ASA5510 set up as a router/firewall and many switches, of which I am only trying to deal with a Cisco Catalyst 2960).

What I was hoping to do without any additional wiring is to add a VLAN for an AP that would be used for guest access to the internet, but not the internal network.

So on the ASA I created a subinterface off of the main inside interface and on the 2960 I created a new VLAN. Then I tried to configure the port on the 2960 to which the ASA is connected as a trunk port, but at that moment everybody loses the connection to the outside.

Basically, where can I find any documentation on how to properly set this up with the hardware I have?

I am sure I am missing many things, but I do need some guidance.

Thank you

40 Replies

Weird.

CISCO-COLO# config t

CISCO-COLO(config)# int Ethernet 0/3

CISCO-COLO(config-if)# switchport ?

interface mode commands/options:

access Set access mode characteristics of the interface

mode Set trunking mode of the interface

monitor Monitor another interface

protected Configure an interface to be a protected port

trunk Set trunking characteristics of the interface

CISCO-COLO(config-if)# switchport

Also remove the nameif from E0/2

interface Ethernet0/2

description Trunk Only!!!! DO NOT CONFIGURE

speed 100

duplex full

no ip address

switchport mode trunk

switchport trunk allowed vlan 200

Hawkeye-ASA5510# config t

Hawkeye-ASA5510(config)# int eth 0/2

Hawkeye-ASA5510(config-if)# switchport

^

ERROR: % Invalid input detected at '^' marker.

Hawkeye-ASA5510(config-if)# switchport ?

ERROR: % Unrecognized command

Hawkeye-ASA5510(config-if)# switchport

Was this port configured with nameif before you upgraded to 8.x? Normally you can only assign nameif to VLANs.

The port was disabled since the beginning. I just as recently as last week enabled it and started playing with the VLANs.

Can you remove the nameif?

Already did, but I don't see why that would make any difference.

nameif implies a security zone, we want a switch/trunk port. Still no switchport under the physical interface?

still nothing :-(

latest and the greatest 8.0.3

Result of the command: "show interface"

Interface Ethernet0/1 "inside", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)

MAC address 0012.d948.f617, MTU 1500

IP address 192.168.1.XXX, subnet mask 255.255.255.0

3377797 packets input, 1409435170 bytes, 0 no buffer

Received 165455 broadcasts, 0 runts, 0 giants

0 input errors, 13719 CRC, 0 frame, 0 overrun, 13719 ignored, 0 abort

0 L2 decode drops

4746865 packets output, 2385992427 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max packets): hardware (0/30) software (0/0)

output queue (curr/max packets): hardware (0/53) software (0/0)

Traffic Statistics for "inside":

3377584 packets input, 1341678780 bytes

4746865 packets output, 2296225116 bytes

73578 packets dropped

1 minute input rate 74 pkts/sec, 5958 bytes/sec

1 minute output rate 135 pkts/sec, 56821 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 67 pkts/sec, 40605 bytes/sec

5 minute output rate 83 pkts/sec, 31588 bytes/sec

5 minute drop rate, 1 pkts/sec

Interface Ethernet0/2 "dmz", is up, line protocol is up

Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)

Description: Trunk Only!!!! DO NOT CONFIGURE

MAC address 0012.d948.f618, MTU 1500

IP address unassigned

59 packets input, 5374 bytes, 0 no buffer

Received 59 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

1 packets output, 64 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max packets): hardware (5/9) software (0/0)

output queue (curr/max packets): hardware (0/1) software (0/0)

Traffic Statistics for "dmz":

59 packets input, 4312 bytes

0 packets output, 0 bytes

22 packets dropped

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

Interface Ethernet0/2.200 "WIFI", is up, line protocol is up

Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec

VLAN identifier 200

Description: WiFi DMZ

MAC address 0012.d948.f618, MTU 1500

IP address 192.168.2.1, subnet mask 255.255.255.0

Traffic Statistics for "WIFI":

0 packets input, 0 bytes

1 packets output, 28 bytes

0 packets dropped

Interface Ethernet0/3 "", is administratively down, line protocol is down

Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec

Auto-Duplex, Auto-Speed

Available but not configured via nameif

MAC address 0012.d948.f619, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max packets): hardware (0/0) software (0/0)

output queue (curr/max packets): hardware (0/0) software (0/0)

We found out (config guide) that the ASA only supports trunking with the Security Plus license.
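Added example (not part of the thread and not any poster's or Cisco's configuration): one way to lay out the guest VLAN end to end, using the subinterface form that the "show interface" output above already displays for Ethernet0/2.200 rather than a switchport command on the ASA. The 2960 port numbers, the security level, the ACL name, the NAT ID and an ASA interface named "outside" are assumptions; the addresses and VLAN 200 are taken from the thread.

```cisco
! ---- Catalyst 2960 (port numbers are assumptions) ----
vlan 200
 name GUEST-WIFI
!
! Uplink to ASA Ethernet0/2: carry only the guest VLAN, tagged
interface FastEthernet0/24
 description Trunk to ASA Ethernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 200
 switchport nonegotiate
 speed 100
 duplex full
!
! Port the guest AP plugs into: untagged member of VLAN 200 only
interface FastEthernet0/10
 description Guest AP
 switchport mode access
 switchport access vlan 200
 spanning-tree portfast
!
! ---- ASA 5510, 8.0(x) syntax ----
! Physical port carries tagged frames only: no nameif, no IP address
interface Ethernet0/2
 description Trunk Only!!!! DO NOT CONFIGURE
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
 no shutdown
!
! 802.1Q tag 200 is terminated here; this is the guests' default gateway
interface Ethernet0/2.200
 description WiFi DMZ
 vlan 200
 nameif WIFI
 security-level 10
 ip address 192.168.2.1 255.255.255.0
!
! Guests may not reach the internal subnet, but may reach everything else
access-list WIFI_in extended deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list WIFI_in extended permit ip 192.168.2.0 255.255.255.0 any
access-group WIFI_in in interface WIFI
!
! Pre-8.3 dynamic PAT for guests (assumes interface "outside", unused NAT ID 2)
nat (WIFI) 2 192.168.2.0 255.255.255.0
global (outside) 2 interface
```

Because the trunk allows only VLAN 200, untagged frames and every other VLAN are kept off the link to Ethernet0/2, and the explicit deny line is what keeps guests out of 192.168.1.0/24 once the permit-to-any entry is bound to the WIFI interface.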