Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2093
Views
0
Helpful
6
Replies

loop on CISCO ASA 5505

Alexandre Letard
Level 1
Level 1

‎03-20-2013 03:16 AM - edited ‎03-07-2019 12:22 PM

Hello,

I have a problem with the configuration of my Cisco ASA 5505. I have 2 interfaces 0/2 and 0/3 which are each connected to a switch SW1 and SW2.

On these interfaces I have a trunk multiple VLANs. When I plug the interface 0/2 on the SW1 no problem. But when I add the interface 0/3 on SW2, I have a loop that is.

I made a shema to understand.

ASA-loop.PNG

the 5505 does not support the spanning tree, the spanning tree is configured on two switches.

Is there a solution to activat the interface 0/3 when 0/2 is down ?

Config of  ASA (0/3 is shutdown to avoid the loop) :

interface Ethernet0 / 2

  switchport trunk allowed vlan 2-4

  switchport mode trunk

!

interface Ethernet0 / 3

  switchport trunk allowed vlan 2-4

  switchport mode trunk

  shutdown

!

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎03-20-2013 04:02 AM

Hi,

you can use the redundant interface feature:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Alexandre Letard
Level 1
Level 1
In response to cadet alain

‎03-20-2013 04:15 AM

thank you, I'll watch.

I found this command that also seems to solve my problem:

switchport protected (on both interfaces)

Not familiar with the operation of this command. I'll try your method which is more understandable.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Alexandre Letard

‎03-20-2013 04:29 AM

Hi,

switchport protected will prevent interfaces with this feature to communicate, this is also called pvlan edge feature but it will not prevent STP loops to my best knowledge.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Alexandre Letard
Level 1
Level 1
In response to Alexandre Letard

‎03-20-2013 04:29 AM

unfortunately I do not have controls available ...

FW-B1#

FW-B1# conf t

FW-B1(config)# int ?

configure mode commands/options:

  Ethernet  IEEE 802.3

  Vlan      Catalyst Vlans

 

FW-B1(config)# int

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Alexandre Letard

‎03-20-2013 05:03 AM

Hi,

you can also try this on the switch side:

http://www.the-lan-man.net/wordpress/2010/asa-5505-switch-redundancy/

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Alexandre Letard
Level 1
Level 1
In response to cadet alain

‎03-20-2013 07:27 AM

thank you for your help Alain,

unfortunately i don't have a 3750 stack behind but I have only 2 DELL 3524 without stack.

there is just a port-channel between swtichs.

I'll keep looking, but my case seems to have no solution

thank you again


0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card