ASA 5505 + c2960s + cisco 871. Почему не ходит трафик?
Вырезал vlan 100 по mgmt.
На ASA
interface Ethernet0/2
switchport trunk allowed vlan 2,100
switchport mode trunk
!
interface Ethernet0/3
switchport access vlan 100
!
interface Vlan2
nameif marino
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Vlan100
description Management
nameif management
security-level 100
ip address 192.168.100.3 255.255.255.0
!
ASA упирается транком в c2960s
asa5505# sh switch vlan
VLAN Name Status Ports
---- -------------------------------- --------- -----------------------------
1 - down Et0/4, Et0/5, Et0/6, Et0/7
55 outside up Et0/0, Et0/1
100 management up Et0/2, Et0/3
c871 - 192.168.100.1
На 2960s есть отдельный mgmt порт - 192.168.100.2
ASA - 192.168.100.3
air2602 - 192.168.100.4
mgmt порт 2960s воткнут в ASA - порт e0/3.
Роутер воткнут в другой порт свича тоже транком.
С роутера могу зайти на ASA и air2602, а на свич нет.
Почему с ASA пинги на адрес 192.168.100.2 проходят, а с других девайсов - нет?
asa5505# ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
c871#ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
На ASA
interface Ethernet0/2
switchport trunk allowed vlan 2,100
switchport mode trunk
!
interface Ethernet0/3
switchport access vlan 100
!
interface Vlan2
nameif marino
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Vlan100
description Management
nameif management
security-level 100
ip address 192.168.100.3 255.255.255.0
!
ASA упирается транком в c2960s
asa5505# sh switch vlan
VLAN Name Status Ports
---- -------------------------------- --------- -----------------------------
1 - down Et0/4, Et0/5, Et0/6, Et0/7
55 outside up Et0/0, Et0/1
100 management up Et0/2, Et0/3
c871 - 192.168.100.1
На 2960s есть отдельный mgmt порт - 192.168.100.2
ASA - 192.168.100.3
air2602 - 192.168.100.4
mgmt порт 2960s воткнут в ASA - порт e0/3.
Роутер воткнут в другой порт свича тоже транком.
С роутера могу зайти на ASA и air2602, а на свич нет.
Почему с ASA пинги на адрес 192.168.100.2 проходят, а с других девайсов - нет?
asa5505# ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
c871#ping 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)