Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Unable to ping from directly connected Switch to ASA

 

Hi Everyone,

 

Here is setup below

ASA1-----SW------access port to ----ASA2

ASA1 has vlan 4 IP 192.168.1.171

ASA2 has vlan 4 IP 192.168.1.173.

 

ASA1 has direct connection to Switch  and Switch has direct connection to ASA2.

I can ping from ASA1 to IP  192.168.1.173.

 

Switch config is below

 

Switch port connected to ASA1 and ASA2 has config below

switchport mode access

switchport access vlan 4

 

Switch does not have SVI vlan 4.

From switch i can not ping the IP 192.168.1.171 or 173.

When i config SVI vlan 4 with IP 192.168.1.174 on switch then i can ping IP 192.168.2.171 and .173

 

Need to know is this default behaviour?

 

Regards

Mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Hi Mahesh,This is expected

Hi Mahesh,

This is expected behavior.

When you have SVI for vlan 4 created on the SW and when you initiate a ping, the ping will be sourced with SVI vlan 4 interface. The switch now knows both the source and destination is on same subnet and hence send a arp broadcast to all vlan 4 ports and ASA responds with its MAC address and ping works.

But when you don't have a SVI for vlan 4 on switch, the ping will be sourced with some other ip address (may be the managment interface of switch) and there should be routing enabled in route this packet to different network.

Hope that helps.

Regards

Najaf

 

 

 

3 REPLIES
Gold

Hi Mahesh,This is expected

Hi Mahesh,

This is expected behavior.

When you have SVI for vlan 4 created on the SW and when you initiate a ping, the ping will be sourced with SVI vlan 4 interface. The switch now knows both the source and destination is on same subnet and hence send a arp broadcast to all vlan 4 ports and ASA responds with its MAC address and ping works.

But when you don't have a SVI for vlan 4 on switch, the ping will be sourced with some other ip address (may be the managment interface of switch) and there should be routing enabled in route this packet to different network.

Hope that helps.

Regards

Najaf

 

 

 

New Member

 Many thanks

 

Many thanks Najaf

Regards

Mahesh

Gold

Thanks Mahesh for marking

Thanks Mahesh for marking this as correct answer smiley

42
Views
0
Helpful
3
Replies
CreatePlease to create content