Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1832
Views
0
Helpful
5
Replies

S370 VLAN Interfaces on P1

cmcclinton
Level 4
Level 4

‎10-18-2012 11:11 AM

S370 AsyncOS 7.5.0-833

As per the user manual I have used the etherconfig comand to create to VLANs on the P1 port, which is connected to an 802.1Q trunked switchport.

Each VLAN interface on the S370 has been configured with an IP address belonging to the appropriate subnet, and can be pinged from the switch.

However, if I go to the Security Services/Web Proxy menu I get the following error message "The Web Proxy cannot be configured because there is no interface configured for Web Proxy data traffic (see Network > Interfaces).”

If I configure an IP address on the parent P1 interface the error goes away.

The manual states “A physical port does not need an IP address configured in order to be in a VLAN. The physical port on which a VLAN is created can have an IP that will receive non-VLAN traffic, so you can have both VLAN and non-VLAN traffic on the same interface.”

Q. Why does the physical P1 interface need an IP address configured if the VLAN sub interfaces on the IronPort have valid IP addresses?

2 people had this problem
Labels:
0 Helpful
5 Replies 5

Erik Kaiser
Cisco Employee
Cisco Employee

‎10-24-2012 03:30 PM

Hi ,

If you would please open up asupport case. This particular issue you are experiencing is going to take more trouble shooting on a webex.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
0 Helpful

ianmclallen
Level 1
Level 1

‎08-05-2014 06:58 AM

Hi cmcclinton,

Did you ever get this working with the ASA and Ironport S370? I am setting up a similar scenario and ran into the same issue.

 

Thanks

0 Helpful

cmcclinton
Level 4
Level 4
In response to ianmclallen

‎08-06-2014 04:08 AM

Hi Ian

I never did get it working as a layer 2 802.1Q trunk.

In the end I just setup an intermediate 'transit' vlan and layer3 routing point on a switch for all Internet traffic and placed the P1 interface and ASA into that vlan.

I did then have to put ACLs on the layer 3 switch to stop some of the internal vlans talking to each other which had previously been isolated.

 

 

 

 

0 Helpful

ianmclallen
Level 1
Level 1
In response to cmcclinton

‎01-28-2016 02:40 PM

cmcclinton,

I know it's been a year but I did end up figuring this out ( just forgot to post it, my bad). Every time I tried adding a VLAN via the web interface I kept getting this error that P1 needed an IP address. When I went and did it via command line I was able to commit my changes. It all ended up working out. If need be I can give a more detailed solution.

Your solutions sound pretty solid as well.

0 Helpful

salman-shafique
Level 1
Level 1
In response to ianmclallen

‎03-14-2016 10:45 PM

Hi cmcclinton,

I have also going to create VLANs on P1 interface and other side is Nexus 7010 for 802.1q Trunk.

I want to ask you please, once these VLANs are created, the source of traffic will be different from WSA to go to origin server for each vlan.

Also it would be great if you could share some details for this solution.

Thanks in advance!

Best Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents