Re: Configuring VLANs - Page 2

ronin2307 · ‎02-08-2008

Hi,

I am very new to Cisco hardware and VLANs in general. We have a very simple network setup (ASA5510 set up as a router/firewall and many switched of which I am only trying to deal with a Cisco Catalyst 2960).

WHat I was hoping to do without any additional wiring is to add a VLAN for an AP that would be used for guest access to the internet, but not the internal network.

So on the ASA i created a subinterface off of the main inside interface and on the 2960 I created a new VLAN. Then i tried to configure the port on the 2960 to which the ASA is connected as a trunk port, but at that moment everybody loses the connection to the outside.

Basically, where can i find any documentation on how to properly set this up with the hardware I have.

I am sure i am missing many things, but I do need some guidance.

Thank you

ronin2307 · ‎02-11-2008

tboard#show interface trunk

Port Mode Encapsulation Status Native vlan

Gi0/12 on 802.1q trunking 200

Port Vlans allowed on trunk

Gi0/12 200

Port Vlans allowed and active in management domain

Gi0/12 200

Port Vlans in spanning tree forwarding state and not pruned

Gi0/12 200

tboard#

ronin2307 · ‎02-11-2008

ASA

!

interface Ethernet0/2

description Trunk Only!!!! DO NOT CONFIGURE

speed 100

duplex full

nameif dmz

security-level 10

no ip address

!

interface Ethernet0/2.200

description WiFi DMZ

vlan 200

nameif WIFI

security-level 10

ip address 192.168.2.1 255.255.255.0

!

ronin2307 · ‎02-11-2008

switch

I use port 13 to connect my laptop with a hardcoded IP of 192.168.2.100

tboard#sh running-config interface gig 0/12

Building configuration...

Current configuration : 197 bytes

!

interface GigabitEthernet0/12

description ASA_DMZ

switchport trunk native vlan 200

switchport trunk allowed vlan 200

switchport trunk pruning vlan none

switchport mode trunk

speed 100

end

tboard#sh running-config interface gig 0/13

Building configuration...

Current configuration : 124 bytes

!

interface GigabitEthernet0/13

switchport access vlan 200

switchport trunk allowed vlan 200

switchport mode access

end

ronin2307 · ‎02-11-2008

based on what i posted do you see anything obvious I am missing?

Collin Clark · ‎02-12-2008

That looks OK, can you post the interface config on the FW?

ronin2307 · ‎02-12-2008

please look at the post titled ASA...

But i don't believe that is the problem, at least not yet.

I tried to ping my laptop when i had it plugged in the switch at port 0/13 and got timed out. I pinged it from the switch itself, so i have to have something messed up with the port config on the switch

Collin Clark · ‎02-12-2008

Oops sorry. The IP on the laptop was in the 192.168.2.0/24 network right? Can you give the switch an IP or are you managing it in-band (ie Telnet/SSH)?

ronin2307 · ‎02-12-2008

hehe, now you are pointing out something obvious that I missed.

the switch does have an ip 192.168.1.8.

question is how does that affect this whole scenario, if at all?

Collin Clark · ‎02-12-2008

None really. I'm assuming your using a layer 2 switch and hence can have only 1 IP address. The 192.168.1.8 is part of your management domain. If you have a L3 switch you can have multiple IP addresses on the switch and you could configure vlan 200 with an IP and we could test directly from the switch instead of the laptop. The laptop was int 192.168.2.0/24 right?

ronin2307 · ‎02-12-2008

yes it is a L2 switch 2960 model.

the laptop and the VLan were configured for .2.0/24

Collin Clark · ‎02-12-2008

Hmmm. What version of OS is on the ASA? Can you post a show interface for the ASA?

Collin Clark · ‎02-12-2008

Add this to your ASAs interface.

switchport mode trunk

switchport trunk allowed vlan 200

ronin2307 · ‎02-12-2008

0/2 or 0/2.200

Collin Clark · ‎02-12-2008

0/2

ronin2307 · ‎02-12-2008

can't. the switchport command doesn't appear to exist. i tried it on config-if and just config