Layer 3 switching and ASA 5505 with OSPF

Unanswered Question
Jun 16th, 2012

We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab let's assume it is VLAN 300.


LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET

LAB IP Range = 172.16.300.0 /24

GW = 172.16.300.1 (On FW int)

Trunked all the way through.


I have an int vlan set up on the LAB SW.  It is being trunked to DMZ SW.   DMZ trunks it to ASA FW where there is a failover with a redundant switch.

On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway. 


I have DHCP running in a specific range on the LAB SW and do get an IP address when plugged in. I cannot ping the default gateway on the ASA FW.

The GW is defined using the default-router command for 172.16.300.1, i.e. default-router 172.16.300.1


  I have two questions as to why this might be:


We are running OSPF on the firewall. There appears to be a pattern with OSPF and a similar subnet setup elsewhere.

I was wondering, based off of this info, would configuring OSPF for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW?


Secondly, I trunked 300 on the DMZ SW but I didn't add the VLAN to the configuration, i.e. conf t <enter> vlan 300 <enter>. Does this really matter? Or does having the VLAN in the configuration only pertain to access mode on interfaces?



I hope I was descriptive enough for you.

ryates_presido Sat, 06/16/2012 - 21:20

You have to have the VLAN on the DMZ switch. That is why you can't reach the GW. Do a show interface trunk and you should see all interfaces that are trunking and all VLANs active on the interface.


Sent from Cisco Technical Support iPad App
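
The check suggested in the reply above can be automated. This is an added example, not part of the original thread: it parses saved `show interfaces trunk` output and reports trunk ports that allow a VLAN the switch has not actually created. The port names and VLAN lists in the sample are constructed, and the parser assumes VLAN lists are not wrapped onto continuation lines.

```python
import re

# Constructed sample in the layout of `show interfaces trunk` (last table omitted).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1
Gi0/2       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       1,100,300

Port        Vlans allowed and active in management domain
Gi0/1       1,100
Gi0/2       1,100
"""

def expand_vlans(spec):
    """Turn '1,100,300-302' into a set of ints; 'none' gives an empty set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(text):
    """Return {table heading: {port: VLAN set}} for the 'Vlans ...' tables."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^Port\s+(.*\S)\s*$", line)
        if m:  # a new table starts; only the VLAN tables are kept
            heading = m.group(1)
            current = sections.setdefault(heading, {}) if heading.startswith("Vlans") else None
        elif current is not None and line.strip():
            port, _, spec = line.strip().partition(" ")
            current[port] = expand_vlans(spec)
    return sections

def allowed_but_inactive(text, vlan):
    """Ports whose trunk allows `vlan` although it is not active on the switch."""
    s = parse_trunk(text)
    allowed = s["Vlans allowed on trunk"]
    active = s["Vlans allowed and active in management domain"]
    return sorted(p for p, v in allowed.items() if vlan in v and vlan not in active.get(p, set()))

print(allowed_but_inactive(SAMPLE, 300))
```

A port listed here is carrying the VLAN in its trunk configuration only; frames for that VLAN are not forwarded until the VLAN exists on the switch.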
