Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1974
Views
35
Helpful
14
Replies

Using 5506-x ASA as switch

Go to solution
jam3
Level 1
Level 1

‎01-16-2019 08:46 AM - edited ‎02-21-2020 08:40 AM

I would like to configure my 5506-x with port 1 as outside and ports 2-8 inside on the same LAN (same security levels for all) with the ASA acting as the DHCP. I'm not sure what this would be called. Can anyone port me to a relevant guide or documentation?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to jam3

‎01-16-2019 01:00 PM

Example bridge group config - change as per your setup.

 

 

interface GigabitEthernet1/3
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/4
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/5
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif LAN
security-level 100
!

interface BVI1
nameif DMZ
nameif LAN
security-level 100

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

14 Replies 14

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎01-16-2019 09:26 AM

I don't think this possible in ASA. You can group interfaces in bridge
group to be in the same VLAN but then the ASA will be in transparent mode
and won't allow for routing within the unit.
0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to Mohammed al Baqari

‎01-16-2019 09:32 AM

Just to add what @Mohammed al Baqari said, if you have a base lic than it will be 5 VLAN limitation. and if you still want to go ahead than use version 9.7 to upwards as in 5506-X support the bridge group from 9.7.

please do not forget to rate.

Go to solution
jam3
Level 1
Level 1
In response to Sheraz.Salim

‎01-16-2019 09:41 AM

5 is ok. How do I do it?

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to jam3

‎01-16-2019 09:48 AM

5 vlan come as default.

 

as an example.

exam.PNG

please do not forget to rate.

Go to solution
jam3
Level 1
Level 1
In response to Sheraz.Salim

‎01-16-2019 10:26 AM

ok, so how do I setup ports 2-6 as a VLAN?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to jam3

‎01-16-2019 01:00 PM

Example bridge group config - change as per your setup.

 

 

interface GigabitEthernet1/3
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/4
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/5
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif LAN
security-level 100
!

interface BVI1
nameif DMZ
nameif LAN
security-level 100

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Sheraz.Salim
VIP
VIP
In response to balaji.bandi

‎01-16-2019 01:38 PM

@balaji.bandi

interface BVI1
nameif DMZ
nameif LAN
security-level 100

!

 

thats wrong you cant have two nameif in one BVI?

 

 

please do not forget to rate.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎01-16-2019 09:53 PM - edited ‎01-16-2019 09:54 PM

typo correction :

 

interface BVI1
nameif LAN
security-level 100

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to jam3

‎01-16-2019 01:28 PM - edited ‎01-16-2019 01:30 PM

interface GigabitEthernet1/0
 nameif Outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/3
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/4
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/5
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif LAN
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif LAN
security-level 100
!
interface BVI1
nameif LAN
security-level 100
!
object network LAN
 subnet 192.168.1.0 255.255.255.0
 nat (LAN,Outside) dynamic interface
!

Let me know if you have any issues with setting up. I am here to help you.

please do not forget to rate.

Go to solution
sp7412
Level 1
Level 1
In response to Sheraz.Salim

‎01-23-2019 02:14 PM

Does this work for 9.6?

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to sp7412

‎01-23-2019 02:32 PM

no its from 9.7 onwards

please do not forget to rate.

Go to solution
sp7412
Level 1
Level 1
In response to Sheraz.Salim

‎01-23-2019 02:35 PM

How do I update from 9.6 to 9.7?

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to sp7412

‎01-23-2019 02:38 PM - edited ‎01-23-2019 02:39 PM

you need a service contract with cisco in order to download the software here is the link

https://software.cisco.com/download/home/286283326/type/280775065/release/9.6.4%20Interim?catid=268438162

 

and here is the process how to upgrade it

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200142-ASA-9-x-Upgrade-a-Software-Image-using.html

please do not forget to rate.

Go to solution
sp7412
Level 1
Level 1
In response to Sheraz.Salim

‎01-23-2019 02:40 PM

I didn't get the service contract. I just bought the asa last month.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card