Cisco WAN :: Asa 5520 The Vlan Going Up And Down
Dec 8, 2011
I have connected an ASA 5520 firewall DMZ to SERVER (17) vlan in core switch and INSIDE is connected as trunk to the core switch (including vlan 15,18). now the management ip of the switch is 10.xx.xx.126/25. and the other vlans are showing "administratively down"..but if I enter to any of the other vlans and do a "no shut", that particular vlan wil go UP but the other 2 will go down..means only one vlan become up at a time.
View 4 Replies
ADVERTISEMENT
Dec 8, 2011
I have connected an ASA 5520 firewall DMZ to SERVER (55) vlan in core switch and INSIDE is connected as trunk to the core switch (including vlan 66,77). now the management ip of the switch is 10.xx.xx.126/25. and the other vlans are showing "administratively down"..but if I enter to any of the other vlans and do a "no shut", that particular vlan wil go UP but the other 2 will go down..means only one vlan become up at a time.
View 1 Replies
View Related
Oct 11, 2011
How do you create a vlan? In enable mode, there is no "vlan" command.
View 4 Replies
View Related
Feb 16, 2011
i would like to setup a L2 VLAN trunk connection over a VPN. I hear this can be done with a GRE tunnel. I currently have Cisco MWR2941's that i would like to configure the TRUNKs on then push them over a 5520 VPN ( IPSEC Tunnel ) to a 5510. on the other side of the 5510 i will have another MWR2941 to recieve the trunk.
how to configure this trunk or some configuration ideas?
View 3 Replies
View Related
Aug 18, 2011
Is there any documentation on how to extend a VLAN over WAN using a ASA 5520 appliance?I will be inheriting the network appliance and need to make the configuration change.
View 2 Replies
View Related
Jul 4, 2011
I have 2 active sites (Site A and Site B), currently there are a number of vlans stretched between the 2 location via a layer 2 link. We are looking at a planned refresh and moving away from an layer 2 link to a layer 3 link. We are also deploying Cisco ASA5520 at below locations. I still need to be able to stretch the vlan between the 2 location and wondering how best to achieve this. Can this be achieve using Cisco ASA or do I require a layer of routers in from of the Cisco ASA to achieve this.
View 6 Replies
View Related
May 26, 2013
Site A:
ASA5520
VLAN data subnet 172.16.10.x/24
VLAN Voice subnet 10.0.0.x/24
Site B:
ASA5505 Base license
VLAN data subnet 192.168.10.x/24
VLAN Voice (restr) subnet 10.0.1.0/24
The callmanager is located on site A and needs to sent out DHCP-offers to site B through the VPN so the IP-phones can register to the callmanager. I got the VPN up and running for the data-subnet but i can't get traffic through the voice-subnet/VLAN.
Can the ASA's do the job or do I need to route traffic before the ASA's on both sides and sent it through the tunnel, configured both subnets as interesting traffic? Ofcourse the last situation I need to upgrade the license for the 5505 to gain more VLAN's.
View 4 Replies
View Related
Jul 31, 2011
We use Cisco Any connect with a Cisco ASA 5520 firewall. Today I changed the inside interface of the firewall's IP because i needed to do some inter vlan routing and needed to move the inside interface from the lan vlan to a routed port on our 3750.
Now people can vpn and authenticate to the MS radius inside but cannot access any network resources nor ping anything inside.
View 1 Replies
View Related
Jul 26, 2010
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology. I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs.
ROUTER CONFIG:
ciscoasa#ciscoasa# show run: Saved:ASA Version 8.3(1)!hostname ciscoasadomain-name nullenable password ###### encryptedpasswd ###### encryptednamesdns-guard!interface GigabitEthernet0/0no nameifno security-levelno ip address!interface GigabitEthernet0/1no nameifsecurity-level 100ip address 10.10.1.1 255.255.255.0!interface GigabitEthernet0/1.10vlan 10nameif vlan10security-level 100ip address 10.10.10.1 255.255.255.0!interface GigabitEthernet0/1.20vlan 20nameif vlan20security-level 100ip address 10.10.20.1 255.255.255.0!interface GigabitEthernet0/1.30vlan 30nameif vlan30security-level 100ip address 10.10.30.1 255.255.255.0!interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface
[code]....
View 30 Replies
View Related
Mar 17, 2011
I´m trying to configure a subinterface named Inside with vlan 1 but the interface stops work with this vlan.My switch is a Cisco and use the lan with vlan 1 too.If I change de vlan for other i.e vlan13 works fine. And all others vlans works fine too.Is there a problem to use the vlan 1?
My configuration is:
Cisco ASA:
interface gig0/3
no ip address
no security
no nameif
Interface gig0/3.1
vlan 1
nameif Inside
Securirity-level 100
ip address 10.x.y.x 255.255.224.0
The giga port of the swtich is configure to trunk model.
View 2 Replies
View Related
Nov 24, 2011
I have ASA 5520 and SSM-10 module. During copy between vlans, connected to gigabit port of asa the speed is up to 6,5 Mbyte/sec. Network cards and trunked switch are gigabit. I've temporarily disabled SSM but it didn't work. Here is my config. Also I found out, that putting SSM into bypass mode solves the problem. But I don't send any traffic to IPS. [code]
View 2 Replies
View Related
Jan 23, 2012
Currently, we have a Cisco router (28xx), ASA 5520, and a core switch 4500. We have different vlans. We also have Auto QoS running for our Cisco IP Phones.My manager just asked me to see if I can either reserve some certain bandwidth for one vlan, or give that vlan higher priority on internet traffic than the others.
1.) Anyway we can reserve some more bandwidth for one vlan than other vlans?
2.) If #1 cannot be done, how can we provide higher priority on the internet traffic to one vlan than the others?
3.) Is #1 or #2 the same config? If not, which one would be easier (without changing our current QoS settings)?
4.) If 1 or 2 can be done, which device I should config the settings on?
5.) This question may be duplicate, but do we need to reset our current QoS to achieve the goal?
View 6 Replies
View Related
May 30, 2012
I have an ASA that houses 11 VLANs, and I am trying to add a 12th.One of the VLANs is for PCs that have internet only access.The new VLAN will be similar, but for multifunction printers only.VLAN 99 is for internet only and works fine, I can ping the gateway of 10.99.3.33 from any PC in that VLAN.I am creating VLAN 98, modeling it after VLAN 99, and I cannot get a PC in the vlan to ping the gateway of10.98.3.17.Both switch and ASA show the new VLAN 98 as UP, switchport is UP/UP.I have deleted and recreated VLAN 98 a few times, but I cannot get a PC VLAN 98 connectivity.Once it is working on the core switch, I will add it to the trunk to the IDS switches. VTP is not in use, everything is manual. [code]
View 4 Replies
View Related
May 27, 2013
I have a multiple Offices in my location , all my external users are connecting my site using Cisco Client to site VPN and accessing my 2 sites , All users are able to access my 2nd office servers which are in 10.10.0.x pool , I have a different vlan in that same location with 10.10.35.x series and users are not able to access this pool servers , I am not much familiar with Routing . i am using ASA 5520 firewall .
View 11 Replies
View Related
Mar 28, 2013
I am working for a large campus network. The network has more than 70 VLANS in a Layer 3 Switch(Catalyst 4503). Customer wants to stop intervlan routing between all vlans except 2 vlans. How will i do that? I have also a Firewall (ASA 5520) & a Router (2811) in up of the switch. Besides this, I have run HSRP in Layer 3 Switches for redundancy.how will i stop intervlan routing between VLANS except 2, with ACL or any other process has?
View 10 Replies
View Related
May 12, 2011
We are trying to config vlan 10 for data and vlan 20 for voice on the same port - port 1 of swtich SF300-24P to run both data and voice on different vlans.Do I have to add vlan 10 as an untagged vlan to port 1 and add vlan 20 as an tagged vlan to port 1?If I do not want to assign the native vlan 1 to port 1, how can I remove it ? The GUI page - assign VLAN to port does not allow to remove it.Aslo, what mode shall I set up on port 1? General, trunk or access ?
View 18 Replies
View Related
Jan 12, 2013
How do I submit an RFE (Request For Enhancement) to the Cisco SBR team to encourage them to implement the missing support for VLAN to VLAN firewall rules that was available in the RVS4000 (See [URL]) and that was supposedly added to a beta release of the RV220W firmware (See [URL])?
View 1 Replies
View Related
Jan 10, 2012
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Aug 12, 2012
We have 6509 VSS with FWSM Module and we have created two context on it, one is INTERNALL CONTEXT othe is EXTERNALL Context? We have spanned various VLANS in switches and FWSM context level. All VLAN Gateways are configured in context level.
Activity description : We had planned migration of these devices into a new Datacenter, it was a planned activity. During migration of devices from one Dc to a new DC we broke the VSS and kept the primary running and removed the secondary switch and migrated this secondary to new DC and powered this device ON in the new DC and checked all the config was very much fine but this device was OFF network as secondary was brought to new DC just to limit the downtime during the primary switch movement.
During the activity ( Primary switch movement )We powered off the Primary switch and mean time before shifting into new Data center We had brought up secondary switch which was already existing in the DC was put live in the network and it was working fine without any issues.
Later we had moved Primary into new data center and tried to put into VSS with the secondary , during this period the secondary device into went into RECOVERY MODE and primary device was not responding and devices went off network and immediatly we removed the VSL link and brought up primary into production network without secondary online in the network ( Without VSS just stand alone switch ) network started working, but bringing up the primary we found that some of the VLANS in the FWSM was deleted and some VLAN had misconfiguration ( example : say original VLAN ip 10.200.112.1 has become 10.300.13.1 ) also some of the access list as well as SVI was deleted making configuration mismatch.
Wanted to know while syncronization b/n primary and secondary switch in VSS if we pull out VSL link would create this type of issues.
View 1 Replies
View Related
Feb 2, 2011
I have set up 2 DHCP pools and 2 VLANs (1 *the native* for data / 1 VLAN for voice). When I use the command "switchport voice vlan 20" the port disapear from the show vlan brief list. When I use the "switchport access vlan 20" it shows up in the show vlan brief in the correct VLAN and gives the phone an IP. I assume that using the access instead of the voice is wrong and the phones would not configure correctly. But when I use the access the phone goes to the next step and tells me the TFTP files are not found. Why does the port disapear from the VLAN list?
View 8 Replies
View Related
Mar 31, 2013
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
View 4 Replies
View Related
Sep 16, 2012
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies
View Related
Oct 12, 2011
I'm wanting to setup a Virtual Office scenario. Everything is working fine except for 802.1x...I can get the 881 to authenticate things connected to it, but I don't have the options of guest-vlan or auth-fail vlan.Idea is if the users takes the router home and someone, either accidentally or on pupose, connects an unauthorized Laptop, they stay off the Corp network but can get to the internet still.I found this link on Cisco's site: [URL]That link shows them configuring a guest vlan right on the fa0-3 ports of an 881W. I dont have that option on mine. I can only configure 802.1x on the vlan interface. I have 802.1x working, for things that connect to vlan1, but I would like to have a "fallback" setup.
EZVPN_Remote(config-if)#int fa1
EZVPN_Remote(config-if)#dot
EZVPN_Remote(config-if)#dot1?
dot1q
EZVPN_Remote(config-if)#dot1
[code]....
View 1 Replies
View Related
Jun 13, 2011
I am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
View 3 Replies
View Related
Nov 20, 2012
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
View 2 Replies
View Related
Nov 21, 2012
i'm going mad on following problem. I'm trying to get 2 networks seeing each other while one of the network is a non VLAN network and the other one is a VLAN network.They should use the same interface so i added VLAN e0/0.122 to the interface e0/0.Send a ping from my asa to both gw-IP's made me happy at first. In second in figured out that i cannot reach any client in the other network. For testing purpose i created an permit acl to any/any for both networks, but the packets still get dropped by the default implicit rule. (deny any/anyMaybe i'm to stupid for this
View 10 Replies
View Related
Nov 27, 2012
I am trying to set up a Vlan on an SF-302-08 small business switch. I would like two Vlans both with internet access but the two cannot communicate with each other. I am not really sure how to go about setting this up as its all fairly new to me. I have successfully set up the Vlans and the ports on each VLAN cannot communicate with each other however the internet access will only work when plugged into either VLAN but wont work on both together
View 1 Replies
View Related
Jan 23, 2013
I've been given the task to clean-up our network config, and have walked into a disaster zone.We have a 4510R on site with everyone using the default VLAN, VLAN 1.I have created 4 new VLANS, VLAN100, VLAN150, VLAN200, VLAN250 I have assigned interface addresses to each VLAN and configured Inter VLAN routing.I can route to and from each new vlan with no problem, i.e VLAN250>VLAN100 VlAN100>VLAN200 etc but I can't route to VLAN 1(Default VLAN) from any of them, I can ping the interface on VLAN 1 from any VLAN , but any hosts are unreachable. On the flip side , from VLAN 1 I can route to all of the VLANS.
View 3 Replies
View Related
Apr 6, 2013
I have some problem in my small network.I have 2 SF-300 48 port switches and connected to 847 router for intervlan routing. I configure 7 vlan in SW1 and uplink to SW2 with trunkport.
The problem is that if i used default gateway for users ip address of interface (vlan interface) is ok. I bring two adsl modem and connected to vlan1 and vlan2 for internet access. When i connected this two modem vlan 1 and vlan 2 are not going to access other vlan 3,4,5,6,7 and wise versa.
vlan1 users getting default gateway from adsl modem ip, how i can permit this two vlan should to access other vlan 3,4,5,6,7 and 3,4,5,6,7 should access to internet also.
[URL]...
View 4 Replies
View Related
Jan 20, 2011
I have a Netgear GSM7248R switch with 5 different Vlans including th management Vlan. Each of the vlans are connected to my layer 3 switch for routing. I want to access the management vlan form any of my Vlans so my layer two switch can be detected by my snmp manager.
View 3 Replies
View Related
Nov 2, 2012
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.
View 1 Replies
View Related
Nov 23, 2011
I have one NAM 2204 upgraded to 5.1.2 version, but in Monitor - Traffic Summary - TOP N VLAN appears only VLAN 0, Why?
View 1 Replies
View Related
