cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
904
Views
0
Helpful
5
Replies

VLAN problems with SG200-8P and Cisco ASA 5505 (Sec Plus license)

joe.lawson
Level 1
Level 1

Hi,  I've been pulling my hair out trying to get simple vlan trunking working between these devices.

Basically, no clients on VLAN 99 (guest) will receive DHCP ip addresses when plugged into the SG200.  I have the SG200<>ASA VLAN trunk configured correctly, as I know it, and I've tried numerous variations (set trunk as general tag/untagged, etc., set the ap port to general tag/untag, etc).   Both AP's work properly when connected to the ASA e0/3 port but either will only pull the "inside" VLAN dhcp address when connected to the SG200 switch

VLAN 1 - inside (has separate dhcp scope assigned by ASA)

VLAN 99 - guest (has separate dhcp scope assigned by ASA)

 

 SG200purpose ASA 5505 (Sec Plus license)purpose
g2Trunk 1UP,99TUbiquiti AP (VLAN 1 works, VLAN 99 does not   
g3Access port 99Tvlan 99 does not work   
      
g8Trunk 1UP, 99T< Trunk between switch and ASA >Int e0/2switchport trunk allowed vlan 1,99
 switchport trunk native vlan 1
 switchport mode trunk
 
   Int e0/3switchport trunk allowed vlan 1,99
 switchport trunk native vlan 1
 switchport mode trunk
Second ubiquiti AP
Both VLAN 1 and VLAN 99 clients work properly
5 Replies 5

jmolina-SWOC
Level 1
Level 1

You probably won't get much help given the lack of information you have provided. You seem very confused.

 

It sounds like you are saying you have a DHCP problem, but you don't mention if static IP addressing your clients works.

 

Does your other VLAN work as expected? What's the difference between the two?

 

Have you tried eliminating the wireless APs by using a ethernet port on VLAN 99? Can you even reach the ASA on VLAN 99 with a static address?

 

If this is a DHCP problem, have you tried debugging it or tracing packets?

 

I don't mean to offend, but Garbage post in = Garbage help out.

 

Good luck.

Frustrated - yes.  Confused - maybe not as much, but I could have put some more effort into the overall picture.

There are two VLANs (1 - native) and (99 - guest).   There is a trunk port between the SG200 and the ASA configured as 1-untagged 99 - tagged.    

No clients connected to the SG200 on VLAN 99  are able to access the ASA VLAN 99 using either a static VLAN IP address or DHCP.   The problem occurs whether I configure the SG200 with an access port 99-tagged or Trunk port 1UP, 99T or general port 1U, 99UP or any combination thereof.

Anything connected to the SG200 on the native VLAN works properly.

Anything connected to the ASA VLANs (1 or 99) works properly

I have not yet tried to see what the switch is doing with the VLAN tags but I suspect I have some mismatch with the Linksys/Cisco SG200 way of setting up a VLAN and how traditional Cisco switches work.

I was hoping someone with a working SG200 - Cisco ASA setup could share their port/trunk/VLAN settings or perhaps point me in the right direction.

SG200 g2 - trunk port (1UP, 99T) -- Access Point

SG200 g2 - access port (99U)

SG200 g8 - trunk port (1UP, 99T)  connected to ASA5505  e0/3  

ASA5505 e0/3  (switchport trunk allowed vlan 1,99,  switchport trunk native vlan 1,  switchport mode trunk)

 

Thanks,

 

 

Hi Joe,

when you check mac address table on SG200 do you see any entry for VLAN 99? it should be seen on trunk as well as access once you connect devices to respective ports.

Aleksandra

Hello Aleksandara,

The device mac address is associated with the port the device is plugged into.  However the mac address is not associated with the trunk port connected to the switch (ASA).

For example

VLAN 1 native

VLAN 99 guest

g3 / Access port VLAN 99U - mac address associated

g8 / Trunk port VLAN 1U 99T - mac address not associated  (g8 is the link to other switch)

I've also tried making g3 a general port 99 tagged and untagged with the same results (mac address on g3 but not on g8)

Thanks,

 

 

Hello,

Just to be sure if ASA is on port g3 you see the mac address?

Aleksandra

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X