08-26-2021 12:12 AM
Hello everyone! There is a small network, a Cisco ASA 5515-x edge device and two Cisco 3750-x switches.
icmp allowed on the ASA. Switch (1/0/48) connected to GigabitEthernet0/1 device ASA. The PC connected to the port 1/0/1 Switch1 is ping successfully from ASA. The management interface (vlan101) on the switch does no ping from ASA. The switch doesn't have any access list.
What could be the problem?
asa config
------------------------
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.99
vlan 99
nameif lan
security-level 100
ip address 10.60.60.1 255.255.254.0
!
interface GigabitEthernet0/1.101
vlan 101
nameif mgmt
security-level 100
ip address 10.255.255.1 255.255.255.0
!
same-security-traffic permit inter-interface
SWITCH1
-----------------------
interface GigabitEthernet1/0/1
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
ip address 10.255.255.2 255.255.255.0
!
ip default-gateway 10.255.255.1
Solved! Go to Solution.
08-26-2021 05:01 AM
Hello
you have native vlan 101 in the switchport tunk however the sub-interface on the asa .101 isn’t native it’s tagged to vlan 101 so change the native vlan to 1 on the switchport and you should gain connection
08-26-2021 05:01 AM
Hello
you have native vlan 101 in the switchport tunk however the sub-interface on the asa .101 isn’t native it’s tagged to vlan 101 so change the native vlan to 1 on the switchport and you should gain connection
08-26-2021 06:38 AM
yes it did help. thanks a lot
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide