Solved: Isolated VLAN canot ping gateway Cisco ASA 5520 catalyst_4500

CSCO11589626 · ‎05-31-2012

Hello All,

I have an ASA that houses 11 VLANs, and I am trying to add a 12th.

One of the VLANs is for PCs that have internet only access.

The new VLAN will be similar, but for multifunction printers only.

VLAN 99 is for internet only and works fine, I can ping the gateway of 10.99.3.33 from any PC in that VLAN.

I am creating VLAN 98, modeling it after VLAN 99, and I cannot get a PC in the vlan to ping the gateway of10.98.3.17.

Both switch and ASA show the new VLAN 98 as UP, switchport is UP/UP.

I have deleted and recreated VLAN 98 a few times, but I cannot get a PC VLAN 98 connectivity.

Once it is working on the core switch, I will add it to the trunk to the IDS switches.

VTP is not in use, everything is manual.

Any ideas?

Relevant sippets from the ASA and switch are below.

Thanks !

Martin

Cisco ASA 5520
Cisco Adaptive Security Appliance Software Version 8.2(3)
Device Manager Version 6.3(4)

interface GigabitEthernet0/3.98
description VLAN 98 (3.98) for Printers Only (No DHCP)
vlan 98
nameif PrintersOnly
security-level 75
ip address 10.98.3.17 255.255.255.240
!
interface GigabitEthernet0/3.99
description VLAN 99 (3.99) for Internet Only (No DHCP)
vlan 99
nameif InternetOnly
security-level 75
ip address 10.99.3.33 255.255.255.224

mtu PrintersOnly 1500
mtu InternetOnly 1500

icmp permit any PrintersOnly
icmp permit any InternetOnly

static (InternetOnly,WAN) 10.99.3.32 10.99.3.32 netmask 255.255.255.224
static (PrintersOnly,WAN) 10.98.3.16 10.98.3.16 netmask 255.255.255.240

sysopt noproxyarp InternetOnly
sysopt noproxyarp PrintersOnly

======================================================================================

cisco WS-C4503-E
Version 12.2(54)SG

vlan 35,98-99,340-341,343-345,3251-3252,3421-3422

interface Vlan98
description VLAN 98 (3.98) for Printers Only (No DHCP)
no ip address
no ip proxy-arp
no ip route-cache
!
interface Vlan99
description VLAN 99 (3.99) for Internet Only (No DHCP)
no ip address
no ip proxy-arp
no ip route-cache

interface GigabitEthernet2/1
switchport access vlan 98
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/2
switchport access vlan 99
switchport mode access
spanning-tree portfast
!

Amit Singh · ‎05-31-2012

Martin,

What is the IP address and gateway assigned to the PC which is connected on the Cat4500 switch on port Gig 2/1?

Cheers,

-amit singh

View solution in original post

flokki123 · ‎05-31-2012

hi martin,

iam not sure about your setup.

you created vlan98 on both devices and created a SVI on the ASA for the vlan, but how are the two devices connected?

the ip address, mask and gateway are alright.