Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Global vlan for external devices

Hello! I am trying to vlan a 3548 switch so that I can put all my public-facing devices (isp router, firewall and ASA) on this switch. I cannot get the isp device to come up on the switch. I have disabled portfast, set duplex settings to 100 full, and tried both a cross-over and straight-thru to get a link light on the switch. The port is configured like this....

interface FastEthernet0/2

description Client ISP

duplex full

speed 100

switchport access vlan 20

I can't get a link light for anything. Any insight would be welcome.

Thanks!

6 REPLIES
Hall of Fame Super Blue

Re: Global vlan for external devices

Suzanne

If it is router then you need a straight-thru.

Have you tried all combinations of speed/duplex ?

Have you tried a different port on your switch, one that you know works ?

Are you sure that the ISP router interface has not been administratively shutdown ?

Jon

New Member

Re: Global vlan for external devices

Jon,

Thanks for the response, I have tried a different port in that vlan I created (none of the 3 work) and every premutation of duplex setting. no link light at all. I have the site currently connectied directly into the firewall, and that works (and that interface is set to auto as well). The only way I can connect to the site is to keep the cable in the firewall, which is not acceptable with the addition of the ASA.

Thanks,

Suzanne

Hall of Fame Super Silver

Re: Global vlan for external devices

Hello Suzanne,

the ISP router can have some security mechanism like port security if it sees more then one MAC address it shuts down the port.

if so you need to put you external devices in a DMZ interface on the ASA firewall anf have ASA outside interface to connect to the ISP.

In this way only ASA outside interface MAC address is seen by the ISP router.

You can use the same switch but you need to connect it to a free interface on ASA.

Hope to help

Giuseppe

New Member

Re: Global vlan for external devices

Giuseppe,

I don't think that's it as I was able to work around the issue by installing a dumb hub, and the line protocol came right up. The problem is stictly with the line protocol I think.

Thanks,

Suzanne

Hall of Fame Super Silver

Re: Global vlan for external devices

Hello Suzanne,

are you using the hub in place of the switch ?

Nice to hear you solved

Best Regards

Giuseppe

New Member

Re: Global vlan for external devices

Giuseppe,

Yes, the hub is in line with all the public facing devices, and the switch is just the local lan. This is for a remote site (UK) so the design is far from optimal. Thanks for your responses and ideas!

Thanks,

Suzanne

164
Views
4
Helpful
6
Replies