05-31-2012 10:56 AM - edited 03-07-2019 07:00 AM
Hello All,
I have an ASA that houses 11 VLANs, and I am trying to add a 12th.
One of the VLANs is for PCs that have internet only access.
The new VLAN will be similar, but for multifunction printers only.
VLAN 99 is for internet only and works fine, I can ping the gateway of 10.99.3.33 from any PC in that VLAN.
I am creating VLAN 98, modeling it after VLAN 99, and I cannot get a PC in the vlan to ping the gateway of10.98.3.17.
Both switch and ASA show the new VLAN 98 as UP, switchport is UP/UP.
I have deleted and recreated VLAN 98 a few times, but I cannot get a PC VLAN 98 connectivity.
Once it is working on the core switch, I will add it to the trunk to the IDS switches.
VTP is not in use, everything is manual.
Any ideas?
Relevant sippets from the ASA and switch are below.
Thanks !
Martin
Cisco ASA 5520
Cisco Adaptive Security Appliance Software Version 8.2(3)
Device Manager Version 6.3(4)
interface GigabitEthernet0/3.98
description VLAN 98 (3.98) for Printers Only (No DHCP)
vlan 98
nameif PrintersOnly
security-level 75
ip address 10.98.3.17 255.255.255.240
!
interface GigabitEthernet0/3.99
description VLAN 99 (3.99) for Internet Only (No DHCP)
vlan 99
nameif InternetOnly
security-level 75
ip address 10.99.3.33 255.255.255.224
mtu PrintersOnly 1500
mtu InternetOnly 1500
icmp permit any PrintersOnly
icmp permit any InternetOnly
static (InternetOnly,WAN) 10.99.3.32 10.99.3.32 netmask 255.255.255.224
static (PrintersOnly,WAN) 10.98.3.16 10.98.3.16 netmask 255.255.255.240
sysopt noproxyarp InternetOnly
sysopt noproxyarp PrintersOnly
======================================================================================
cisco WS-C4503-E
Version 12.2(54)SG
vlan 35,98-99,340-341,343-345,3251-3252,3421-3422
interface Vlan98
description VLAN 98 (3.98) for Printers Only (No DHCP)
no ip address
no ip proxy-arp
no ip route-cache
!
interface Vlan99
description VLAN 99 (3.99) for Internet Only (No DHCP)
no ip address
no ip proxy-arp
no ip route-cache
interface GigabitEthernet2/1
switchport access vlan 98
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/2
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
Solved! Go to Solution.
05-31-2012 11:15 AM
Martin,
What is the IP address and gateway assigned to the PC which is connected on the Cat4500 switch on port Gig 2/1?
Cheers,
-amit singh
05-31-2012 11:54 PM
hi martin,
iam not sure about your setup.
you created vlan98 on both devices and created a SVI on the ASA for the vlan, but how are the two devices connected?
the ip address, mask and gateway are alright.
05-31-2012 11:15 AM
Martin,
What is the IP address and gateway assigned to the PC which is connected on the Cat4500 switch on port Gig 2/1?
Cheers,
-amit singh
05-31-2012 01:51 PM
IP: 10.98.3.18
Mask: 255.255.255.240
D/G: 10.98.3.17
05-31-2012 11:54 PM
hi martin,
iam not sure about your setup.
you created vlan98 on both devices and created a SVI on the ASA for the vlan, but how are the two devices connected?
the ip address, mask and gateway are alright.
06-04-2012 11:53 AM
OK, I was looking at how the switch and the ASA were connected, and vlan 98 was not in the allowed list on the trunking interface. I added vlan 98 to the allowed list, and everything immediately came up. Thanks everyone !
Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide