A Cisco 2100 controller with VLANs 1, 101-103 on it is connected to a Cisco 2960 with the same L2 VLANs on it (and int vlan 1 with IP 192.168.254.101). These are connected via a trunk and the trunk is up. The 2960 then connects to a Cisco 500, which has int vlan 1 with IP 192.168.254.100. Everything uses 192.168.254.1 as the gateway, which is the Cisco ASA connected to the 500 via a trunk. If I remove the 2960 and connect the 2100 directly to it via a trunk, it works; however, after adding the 2960 and connecting the 2100, I stop being able to ping it. The weird thing is I see ARP packets it but I just can't ping the 2100. Eventually I will remove the Cat 500, but for now this needs to work and I'm not sure what is going on.
I am having some difficulty in understanding whether you believe that the problem is with the 2960 or with the 500. Perhaps you can provide some clarification of the problem?
But in the meantime I will assume that the issue is on the 2960 and will start from that point. Can you post the output of show vlan from the 2960? Also the output of show interface trunk from the 2960 would be helpful.
Turns out the issue was due to the native VLAN. The Cisco ASA was configured for dot1q trunking; however, it seems like the ASA, when doing dot1q, needs to see the native VLAN 1 ID, whereas the Cisco 2960 was sending it untagged as expected and the ASA was rejecting the packets. The funny thing is I had never used a Cat 500 before, but it was also set for native VLAN 1, and it looks like the 500 tags the native VLAN, unlike all other Cat switches I ever worked with. The Cat 500 doesn't even have a CLI, so it's not your standard switch.
So the issue was that the ASA was looking for tagged native VLAN packets over the dot1q trunk while the 2960 was sending the VLAN untagged as expected, but I'm not sure why the Cat 500 was set up the same way as the 2960 yet seems to send the native VLAN tagged.
I am glad that you were able to resolve the issue. Thank you for posting back to the forum and letting us know what the problem turned out to be. I am a bit surprised that it turned out to be needing to tag frames in the native VLAN and glad that you figured that out.
This is a little weird because the Cat 500, which I never worked with before, shows VLAN 1 as native; however, that works with the ASA with no issues, so I suspect that whoever put that switch there got lucky and somehow, even though on the 500 the native VLAN is 1, the Cat 500 still tags the VLAN, which traditional switches don't. I believe when doing router on a stick to a router, the native VLAN works perfectly untagged; however, with the ASA it seems like it wants to see a tag for the native VLAN.
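An added example, not part of the original thread: a small Python check that reads raw Ethernet frames captured on a trunk and reports whether native-VLAN traffic arrives untagged or carries an explicit 802.1Q tag, which is the difference the poster describes between the 2960 and the 500. The function names, MAC addresses and sample frames are assumptions constructed for illustration, modelled on the behaviour reported above.

```python
import struct

TPID_DOT1Q = 0x8100  # 802.1Q tag protocol identifier


def parse_frame(frame: bytes):
    """Return (vid, ethertype); vid is None when the frame has no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_DOT1Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner  # low 12 bits of the TCI hold the VLAN ID


def native_vlan_encoding(frames, native_vlan=1):
    """Report how native-VLAN traffic appears on the wire in a capture."""
    seen = set()
    for frame in frames:
        vid, _ = parse_frame(frame)
        if vid is None:
            seen.add("untagged")
        elif vid == native_vlan:
            seen.add("tagged")
    return sorted(seen)


def _eth(dst, src, ethertype, vid=None, payload=b"\x00" * 46):
    """Build a constructed sample frame (hypothetical helper)."""
    hdr = bytes.fromhex(dst) + bytes.fromhex(src)
    if vid is not None:
        hdr += struct.pack("!HH", TPID_DOT1Q, vid)
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed captures: an ARP broadcast in VLAN 1 plus IPv4 in VLAN 101.
FROM_2960 = [_eth("ffffffffffff", "020000000001", 0x0806),
             _eth("020000000002", "020000000001", 0x0800, vid=101)]
FROM_500 = [_eth("ffffffffffff", "020000000003", 0x0806, vid=1),
            _eth("020000000002", "020000000003", 0x0800, vid=101)]

if __name__ == "__main__":
    print("2960 native VLAN:", native_vlan_encoding(FROM_2960))
    print("500 native VLAN: ", native_vlan_encoding(FROM_500))
```

Running the same check on a capture from each side of a trunk shows directly whether the two ends agree on how VLAN 1 is encoded.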