VLANs with ASA/Switch/UC, help

Unanswered Question
Apr 26th, 2010

I'm posting in this particular forum because it has to do with VLANs.  If this is not the correct place, please let me know.

I took over a network and am trying to create one additional VLAN to the topology.  I have spent much time on this without success so I'm attaching the running-configs to help speed any process along.  I've also created a *very* crude network map (via notepad!).

Right now the setup is working with the ASA, the UC520, and the 3560g Switch with VLAN1 (192.168.2.x); and the VLAN100 (10.1.2.x) which is the Voice stuff.  I'm not a VoIP person so I'd like to stay away from altering anything there.

Where I've stopped:  Added VLAN2 to switch (192.168.3.3), ASA (..3.1) and UC (..3.5).  Added a route for this network on both the Switch & the ASA.  When I give Giga0/12 switchport access vlan 2 on the switch, and hook a machine into port 12, I *can* ping 192.168.3.3, but nothing else.  I can't ping 192.168.3.1 nor 192.168.3.5 (UC520).

Can anyone take a look at the configs and throw me some help?  My assumption is that the ASA is doing the routing for all the traffic due to the route statements.

Thanks for any help.

Edison Ortiz Mon, 04/26/2010 - 06:43

The machine connected to port 12 is the only device participating on Vlan2.

3.3 is the switch so it will respond to your pings. In order to ping other devices in the same Vlan, for instance 3.1 and 3.5, they need to connect to the switch on a port with access vlan 2 (same config as port 12).

Regards

Edison

scott.bridges Mon, 04/26/2010 - 07:28

Hello Edison,

Thanks for the reply.

Isn't that the function of the Trunk?  To propagate VLAN information?  Shouldn't the ASA, UC, and all other VLANs be accessible because of the Trunking?

If I assigned the ASA and/or UC to Vlan2, wouldn't that effectively remove them from Vlan1 access?

Thanks.

Edison Ortiz Mon, 04/26/2010 - 07:49

You need to configure trunking on the ASA and the UC device for it to work.

I'm not familiar with the UC configuration but definitely the ASA isn't configured for trunking.

Ideally, you will have the L3 switch doing the routing between Vlans.

Leave the UC and ASA in their own subnet and have subnet routes for 3.x network pointing to the switch.

On the workstation, all you need is to have a default gateway pointing to 3.3 which is the SVI for Vlan2.

The L3 switch will forward the traffic to the other subnets.

Regards

Edison
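
The layout described in the reply above, sketched as configuration. This is an added example, not part of the original thread or the attached running-configs. The ASA interface name `inside`, the VLAN name and the `<SWITCH_VLAN1_IP>` placeholder (the switch's existing address in 192.168.2.x, which the thread does not give) are assumptions.

```cisco
! --- Catalyst 3560G: acts as the L3 switch routing between VLANs ---
! Enable routing on the switch so the SVIs forward between subnets.
ip routing
!
vlan 2
 name VLAN2-DATA
!
! SVI for VLAN 2. Workstations in 192.168.3.0/24 use this as default gateway.
interface Vlan2
 description Gateway for 192.168.3.0/24
 ip address 192.168.3.3 255.255.255.0
 no shutdown
!
! Access port for the test machine (same as the existing port 12 setup).
interface GigabitEthernet0/12
 switchport mode access
 switchport access vlan 2
!
! Checks on the switch:
!   show vlan brief            (port 12 listed under VLAN 2)
!   show ip interface brief    (Vlan2 up/up with 192.168.3.3)
!   show ip route              (192.168.2.0/24 and 192.168.3.0/24 both connected)

! --- ASA: stays in 192.168.2.x, no VLAN 2 interface or trunk needed ---
! Return path to the new subnet goes via the switch's VLAN 1 address.
! "inside" is an assumed interface name; use the nameif from the real config.
route inside 192.168.3.0 255.255.255.0 <SWITCH_VLAN1_IP> 1

! --- UC520: stays in its existing subnets, voice VLAN 100 untouched ---
ip route 192.168.3.0 255.255.255.0 <SWITCH_VLAN1_IP>

! --- Workstation on port 12 ---
!   IP address       192.168.3.x / 255.255.255.0
!   Default gateway  192.168.3.3
```

With this layout the 192.168.3.1 and 192.168.3.5 addresses added to the ASA and UC are not used, since both devices stay in their own subnet and reach 192.168.3.x through the switch.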
