That is what we need, right? The traffic to the physical interface should not be tagged. The physical interface can't understand tagged traffic. Only the sub-interface can understand tagged traffic with the "vlan" keyword.

vlan 12 in the allowed vlan list makes it tagged.

With regards
Kings

On Tue, Apr 13, 2010 at 2:54 PM, 'Segun Daini <[email protected]> wrote:

> To allow the trunk to pass vlan 12 traffic. Specifying it as the native
> vlan is just telling the switch to not TAG vlan 12 traffic.
>
> Regards
>
> ------------------------------
> *From:* Kingsley Charles <[email protected]>
> *To:* [email protected]
> *Sent:* Tue, April 13, 2010 9:56:31 AM
> *Subject:* [OSL | CCIE_Security] Native vlan mapped to physical interface
>
> Hi all
>
> Vol 2
> Lab 15
> Section 1.0
>
> ASA1's e0/0 is connected to cat 3 f0/10.
> vlan 12's subnet address is 192.1.12.0.
> e0/0's IP address is 192.1.12.10.
>
> "switchport trunk native vlan 12" alone is sufficient to route traffic from
> "192.1.12.0" to ASA1's e0/0.
>
> Why are we adding vlan 12 in the trunk allowed list?
>
> *ASA 1 config*
>
> interface Ethernet0/0
>  nameif outside
>  security-level 0
>  ip address 192.1.12.10 255.255.255.0 standby 192.1.12.60
> !
> interface Ethernet0/0.55
>  vlan 55
>  nameif DMZ55
>  security-level 55
>  ip address 192.168.5.10 255.255.255.0 standby 192.168.5.60
>
> *Cat3 config*
>
> interface FastEthernet0/10
>  description ASA1 F0/0
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 12
>  switchport trunk allowed vlan 12,55
>  switchport mode trunk
>
> With regards
> Kings
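The tagging behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of the Cat3 trunk port and ASA1's e0/0 that builds and parses 802.1Q frames. It assumes the allowed VLAN list filters the native VLAN as well; the frame contents and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100

# Constructed model of Cat3 f0/10 and ASA1 e0/0, using the values from the thread.
TRUNK = {"native": 12, "allowed": {12, 55}}
ASA_IFACES = {None: "outside", 55: "DMZ55"}  # None = untagged -> physical e0/0


def trunk_egress(frame: bytes, vlan: int, trunk: dict):
    """Return the bytes put on the wire, or None if the trunk filters the VLAN."""
    if vlan not in trunk["allowed"]:
        return None                       # assumption: allowed list also filters the native VLAN
    if vlan == trunk["native"]:
        return frame                      # native VLAN leaves the port untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI bits left at 0
    return frame[:12] + tag + frame[12:]  # tag sits after the dst and src MAC


def asa_ingress(wire: bytes, ifaces: dict):
    """Return the nameif that accepts the frame, or None if nothing matches."""
    (ethertype,) = struct.unpack("!H", wire[12:14])
    if ethertype != TPID_8021Q:
        return ifaces.get(None)           # untagged: physical interface
    (tci,) = struct.unpack("!H", wire[14:16])
    return ifaces.get(tci & 0x0FFF)       # tagged: sub-interface with that "vlan" id


def deliver(vlan: int, trunk: dict = TRUNK, ifaces: dict = ASA_IFACES):
    # Constructed frame: broadcast dst, sample src MAC, IPv4 ethertype, dummy payload.
    frame = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"\x00" * 46
    wire = trunk_egress(frame, vlan, trunk)
    return None if wire is None else asa_ingress(wire, ifaces)


if __name__ == "__main__":
    for vlan in (12, 55, 99):
        print("vlan", vlan, "->", deliver(vlan))
    # Native VLAN 12 left out of the allowed list: nothing reaches "outside".
    print("vlan 12, allowed 55 only ->", deliver(12, {"native": 12, "allowed": {55}}))
    # VLAN 12 allowed but not native: it arrives tagged and no sub-interface takes it.
    print("vlan 12, native 1 ->", deliver(12, {"native": 1, "allowed": {12, 55}}))
```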
