Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA sub-interfaces problem

When configuring a CatOS switch to work with the ASA sub-interfaces, are these the right commands? Thanks much.

clear trunk 2/28 1-91,94-1005,1025-4094

set trunk 2/28 on dot1q 92-93

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: ASA sub-interfaces problem

Okay, your trunk has a native vlan of 92 which means the packets sent for this vlan will not be tagged.

I don't have an ASA to test with but it may be that the ASA is expecting a tagged packet on vlan 92. So you could try changing the native vlan on the trunk link to something other than vlan 92 - the native vlan shouldn't be used to carry data traffic again.

Are your ASA subinteraces up ?

Jon

6 REPLIES
Hall of Fame Super Blue

Re: ASA sub-interfaces problem

Yes assuming that what you are trying to achieve on the CatOS switch is to have a trunk connected to the ASA that only allows vlan 92 and 93.

Jon

Community Member

Re: ASA sub-interfaces problem

Thanks Jon.

That is the intention but I cannot get a host on VLAN 92 to ping the sub-interface I created on the firewall.

I have attached my test config.

Hall of Fame Super Blue

Re: ASA sub-interfaces problem

Can you post output of "sh trunk" from the switch.

Jon

Community Member

Re: ASA sub-interfaces problem

Jon,

Your help is much appreciated.

It is attached.

Hall of Fame Super Blue

Re: ASA sub-interfaces problem

Okay, your trunk has a native vlan of 92 which means the packets sent for this vlan will not be tagged.

I don't have an ASA to test with but it may be that the ASA is expecting a tagged packet on vlan 92. So you could try changing the native vlan on the trunk link to something other than vlan 92 - the native vlan shouldn't be used to carry data traffic again.

Are your ASA subinteraces up ?

Jon

Community Member

Re: ASA sub-interfaces problem

Jon,

The issue was the VLAN tagging. I changed that to another VLAN and it works!!

Thanks again and sorry I could not get back to you before.

170
Views
0
Helpful
6
Replies
CreatePlease to create content