Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

unable to ping subinterface

Hi there,

Wondeirng if someone can help me.\

im trying to configure a new vlan to be used for wifi guest access.

i have configured the vlans on my access points and switches.

i have an ASA firewall and i have created a new sub interface in vlan 999.  see config below:

interface Ethernet0/2

description Connected to Inside

nameif inside

security-level 100

ip address 10.1.1.6 255.255.255.0

!

interface Ethernet0/2.2

vlan 999

nameif vlan999

security-level 90

ip address 10.1.2.254 255.255.255.0

!

i have logged into the switch and i am unable to ping the new subinterface.  obviously works fine if i ping it from the asa.

am i missing something out?

Everyone's tags (3)
4 REPLIES
Purple

unable to ping subinterface

  Sure the fw is not blocking ping from the outside ? 

New Member

unable to ping subinterface

hey there! thanks for the reply!

hmm the firewall is blocking ping from the outside

the subinterface i created is on the inside interface, and im trying to ping it from an internal switch.

Re:unable to ping subinterface

If the ping is hitting the inside interface first, that's your problem. You can only ping the ingress interface on an ASA, not across interfaces like a router. If you create a layer 3 SVI on the switch for vlan 999 and ping the firewall, that should be successful.

Regards,
Mike

Sent from Cisco Technical Support Android App

New Member

unable to ping subinterface

hi there, thanks for the reply.

ahh ok, how do i create a layer 3 svi on the switch?should i found this link: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/37sg/configuration/guides/l3_int.html

What i am trying to do is provide guest wifi.  Does this setup sound ok?

ASA

inside interface 192.168.1.1 /24 - for LAN

inside subinterface 192.168.2.254 /24 in VLAN999- Isolated LAN for WiFi

SWITCHES

VLAN999 created and ports added to this VLAN

i was trying to ping 192.168.2.254 from this device but it was failing

ACCESS POINTS

Access Points have been configured for WiFi

Second WiFi configured and in vlan999

Access points plugged into ports on switch that are in vlan1 and vlan999

thanks again

301
Views
0
Helpful
4
Replies
CreatePlease to create content