Skip to main content
Old_Gregg
Old_Gregg
New Member
May 29, 2015
Solved

300C Physical interface Issue

  • May 29, 2015
  • 1 reply
  • 4132 views

Hi All, 

 

I am working on a 300C unit. Pretty standard setup, It is my first time configuring the 300 model. I usually work with 90D and ASA's . I feel there is something basic I'm missing here.

 

Port10 is the WAN and is configured with a Point to Point. SSL VPN portal functioning.

Port1 has several Vlan interfaces, all working fine, net reachable, filters behaving etc. Worth mentioning Port1 belongs to it's own Zone. It's when I attempt to create a DMZ on another physical, say port 8 or 9 I get the issue. Some basic testing - even if I put say x.x.x.1 on the interface and connect my laptop direct with x.x.x.2 I get a ping Timeout which suggests my laptop can reach the x.x.x.1. I have read about the "set internal-switch-mode" command but the cli doesn't seem to recognize that syntax.

 

I would be grateful for any suggestions.

 

Many thanks.

 

B.

    Best answer by Toshi_Esumi

    I think 300c's 10 ports are separate physical interfaces (you might call it in interface mode). They're not members of "Internal" interface unlike x0d series. I guess that's why it doesn't have "internal-switch-mode" in CLI.

    Simple thing to check first is if ping is allowed on the interface, then if you have "trusthost" restrictions in admin config.

    1 reply

    Toshi_Esumi
    SuperUser
    Toshi_EsumiAnswer
    SuperUser
    May 29, 2015

    I think 300c's 10 ports are separate physical interfaces (you might call it in interface mode). They're not members of "Internal" interface unlike x0d series. I guess that's why it doesn't have "internal-switch-mode" in CLI.

    Simple thing to check first is if ping is allowed on the interface, then if you have "trusthost" restrictions in admin config.

    Old_Gregg
    Old_GreggAuthor
    New Member
    June 1, 2015

    Hi Toshi,

     

     I went and checked the "trusthost" setting in admin mode and found that I did have some restricted admin access in the admin config . As soon as I removed this portion of the config for testing I could ping the physical interface and any subsequent sub interfaces I added  . All functioning perfectly now......and something new learned.

     

    Thank you for the help Toshi, much appreciated.

     

    B. 

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    June 1, 2015

    Glad I could help. Been there and done that ourselves.

    Terms & ConditionsAccessibility statement