Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
4
Replies

unable to ping subinterface

gerardobrien
Level 1
Level 1

‎08-21-2013 04:54 PM - edited ‎03-07-2019 03:03 PM

Hi there,

Wondeirng if someone can help me.\

im trying to configure a new vlan to be used for wifi guest access.

i have configured the vlans on my access points and switches.

i have an ASA firewall and i have created a new sub interface in vlan 999.  see config below:

interface Ethernet0/2

description Connected to Inside

nameif inside

security-level 100

ip address 10.1.1.6 255.255.255.0

!

interface Ethernet0/2.2

vlan 999

nameif vlan999

security-level 90

ip address 10.1.2.254 255.255.255.0

!

i have logged into the switch and i am unable to ping the new subinterface.  obviously works fine if i ping it from the asa.

am i missing something out?

Labels:
0 Helpful
4 Replies 4

glen.grant
VIP Alumni
VIP Alumni

‎08-21-2013 05:07 PM

  Sure the fw is not blocking ping from the outside ? 

0 Helpful

gerardobrien
Level 1
Level 1
In response to glen.grant

‎08-21-2013 05:10 PM

hey there! thanks for the reply!

hmm the firewall is blocking ping from the outside

the subinterface i created is on the inside interface, and im trying to ping it from an internal switch.

0 Helpful

Mike Williams
Level 5
Level 5

‎08-21-2013 07:29 PM

If the ping is hitting the inside interface first, that's your problem. You can only ping the ingress interface on an ASA, not across interfaces like a router. If you create a layer 3 SVI on the switch for vlan 999 and ping the firewall, that should be successful.

Regards,
Mike

Sent from Cisco Technical Support Android App

0 Helpful

gerardobrien
Level 1
Level 1

‎08-22-2013 06:46 PM

hi there, thanks for the reply.

ahh ok, how do i create a layer 3 svi on the switch?should i found this link: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/37sg/configuration/guides/l3_int.html

What i am trying to do is provide guest wifi.  Does this setup sound ok?

ASA

inside interface 192.168.1.1 /24 - for LAN

inside subinterface 192.168.2.254 /24 in VLAN999- Isolated LAN for WiFi

SWITCHES

VLAN999 created and ports added to this VLAN

i was trying to ping 192.168.2.254 from this device but it was failing

ACCESS POINTS

Access Points have been configured for WiFi

Second WiFi configured and in vlan999

Access points plugged into ports on switch that are in vlan1 and vlan999

thanks again

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card