Re: VLAN 1 is being working (pinging) but Others VLAN are not working (pinging)- Urgent

Ibrahim Bhuiyan · ‎08-14-2020

I can ping from L3 switch (from Default vlan1) to ASA Firewall port but If I ping from others any VLAN of L3 switch (Like 2,3,4,10,100,101, etc.) then I cant ping. I cant understand what is the problem. Status and Line protocol both are up.

Configuration below:

int vlan1
ip add 192.168.3.11 255.255.255.248
no sh
int gi 0/0
switchport trunk allowed vlan 1
switchport trunk encapsulation dot1q
switchport mode trunk

>>>>>>This are working

.............................................................

int vlan101
ip add 192.168.3.11 255.255.255.248
no sh
int gi 0/0
switchport trunk allowed vlan 101
switchport trunk encapsulation dot1q
switchport mode trunk

>>> This are not working

Matt Delony · ‎08-14-2020

Hello Ibrahim Bhuiyan,

There's not enough information to determine the cause of the problem.

Can you let me know the topology? Is it like this? L3 switch (G0/0)<------> ASA

Is the ASA expecting untagged packet from L3 switch? I believe working config would be untagged as vlan 1 is default native vlan and non-working config would use 802.1q tag.

balaji.bandi · ‎08-15-2020

you need to rest of the VLAN to be allowed in trunk or remove allowed VLAN so it allow all.

int gi 0/0
switchport trunk allowed vlan 1 <-- add rest vlan here
switchport trunk encapsulation dot1q
switchport mode trunk

or

int gi 0/0
no switchport trunk allowed vlan 1
switchport trunk encapsulation dot1q
switchport mode trunk

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JoeyJoe · ‎08-15-2020

Hi Ibrahim,

If you perform show int trunk you will be able to see the vlans allowed in this connection.

As mentioned by BB, you need to add the remaining vlans to the list of allowed vlans. You can perform switchport trunk allowed vlan add 2,3,4,10,100,101, etc. to achieve that (as vlan 1 seems to be working already).