Global vlan for external devices

Unanswered Question
Dec 6th, 2008

Hello! I am trying to vlan a 3548 switch so that I can put all my public-facing devices (isp router, firewall and ASA) on this switch. I cannot get the isp device to come up on the switch. I have disabled portfast, set duplex settings to 100 full, and tried both a cross-over and straight-thru to get a link light on the switch. The port is configured like this....

interface FastEthernet0/2

description Client ISP

duplex full

speed 100

switchport access vlan 20

I can't get a link light for anything. Any insight would be welcome.

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jon Marshall Sat, 12/06/2008 - 06:43

Suzanne

If it is router then you need a straight-thru.

Have you tried all combinations of speed/duplex ?

Have you tried a different port on your switch, one that you know works ?

Are you sure that the ISP router interface has not been administratively shutdown ?

Jon

Zanne001 Sat, 12/06/2008 - 06:57

Jon,

Thanks for the response, I have tried a different port in that vlan I created (none of the 3 work) and every premutation of duplex setting. no link light at all. I have the site currently connectied directly into the firewall, and that works (and that interface is set to auto as well). The only way I can connect to the site is to keep the cable in the firewall, which is not acceptable with the addition of the ASA.

Thanks,

Suzanne

Giuseppe Larosa Sat, 12/06/2008 - 11:29

Hello Suzanne,

the ISP router can have some security mechanism like port security if it sees more then one MAC address it shuts down the port.

if so you need to put you external devices in a DMZ interface on the ASA firewall anf have ASA outside interface to connect to the ISP.

In this way only ASA outside interface MAC address is seen by the ISP router.

You can use the same switch but you need to connect it to a free interface on ASA.

Hope to help

Giuseppe

Zanne001 Sat, 12/06/2008 - 12:33

Giuseppe,

I don't think that's it as I was able to work around the issue by installing a dumb hub, and the line protocol came right up. The problem is stictly with the line protocol I think.

Thanks,

Suzanne

Giuseppe Larosa Sun, 12/07/2008 - 03:20

Hello Suzanne,

are you using the hub in place of the switch ?

Nice to hear you solved

Best Regards

Giuseppe

Zanne001 Sun, 12/07/2008 - 08:00

Giuseppe,

Yes, the hub is in line with all the public facing devices, and the switch is just the local lan. This is for a remote site (UK) so the design is far from optimal. Thanks for your responses and ideas!

Thanks,

Suzanne

Actions

This Discussion