ASA 5520 and Cat 2960 - VLAN Routing

Mar 23, 2012 1:03 PM

joseph_rb 5 posts since
Mar 23, 2012

I want to create multiple VLANs on the ASA for computers, printers and wireless devices. I want them all to be able to talk to each other.

I thought I was doing it all correctly, not the case.

I can't ping the VLAN interface on the ASA from the Switch.

All the interfaces are up and I set the trunk port, what am I missing?

Below are the config files of the ASA and switch.

ASA

: Saved
:
ASA Version 8.2(5)
!
hostname HQ-ASA-5520
!
interface GigabitEthernet0/0
nameif outsideWAN
security-level 0
ip address 208.82.X.X 255.255.255.252
!
interface GigabitEthernet0/1
nameif insideLAN
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1.10
vlan 10
nameif inside_10
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.254.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list insideLAN_access_in extended permit ip any any
access-list inside10_access_in extended permit ip any any
access-list inside01_access_in extended permit ip any any
access-list insideLAN_access_in_1 extended permit ip any any
access-list outsideWAN_access_in extended permit ip any any
access-list inside_10_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu outsideWAN 1500
mtu insideLAN 1500
mtu inside_10 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outsideWAN) 1 interface
global (insideLAN) 2 interface
global (wireless) 3 interface
nat (insideLAN) 0 access-list insideLAN_nat0_outbound
nat (insideLAN) 1 0.0.0.0 0.0.0.0
nat (wireless) 1 0.0.0.0 0.0.0.0
nat (inside_10) 1 0.0.0.0 0.0.0.0
!
access-group outsideWAN_access_in in interface outsideWAN
access-group insideLAN_access_in_1 in interface insideLAN
access-group wireless_access_in in interface wireless
access-group inside_10_access_in in interface inside_10
route outsideWAN 0.0.0.0 0.0.0.0 208.82.X.X 1
route insideLAN 192.168.1.0 255.255.255.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.254.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 insideLAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
!
lifetime 86400
telnet 192.168.1.0 255.255.255.0 insideLAN
telnet timeout 5
ssh timeout 5
console timeout 0
!
dhcpd address 192.168.254.10-192.168.254.20 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
!
prompt hostname context
no call-home reporting anonymous
: end
no asdm history enable

and the Switch

Building configuration...

Current configuration : 2462 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname HQ-SW-2960
!
enable secret 5
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree uplinkfast
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,10
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
interface Vlan10
no ip address
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
!
control-plane
!
!
!
end

and the switch command

sho int f0/1 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1,10

Port        Vlans allowed and active in management domain
Fa0/1       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,10

and the switch command

sho ip int bri

Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.2     YES manual up                    up
Vlan10                 unassigned      YES manual up                    up
FastEthernet0/1        unassigned      YES unset  up                    up
FastEthernet0/2        unassigned      YES unset  up                    up
FastEthernet0/3        unassigned      YES unset  up                    up
