Solved: Re: Configuring Interfaces on Cisco 5505

Dandarius · ‎02-22-2023

Hi all,

was just wondering how to configure IP addresses on the interfaces for my Cisco 5505 Firewall.

When trying to use the command:

"interface ethernet0/1"

"ip address 192.168.1.10 255.255.255.0"

I get the message "This command can only be configured on VLAN interfaces."

When using VLAN1 to configure, no IP addresses are shown when using sh int ip brief.

Any help would be appreciated.

Richard Burts · ‎02-25-2023

I am puzzled by this " what are the commands used to configure the Ethernet interface on vlan1" Are you referring to the physical interfaces in vlan 1? Or are you referring to the vlan interface?

If you are referring to the physical interfaces they are configured as layer 2 interfaces (assign to a vlan, etc but no IP address). If you are referring to the vlan interface it is configured as layer 3 interface (can have IP address, interface name, security level, etc).

HTH

Rick

View solution in original post

Georg Pauwen · ‎02-26-2023

Hello,

also, all interfaces by default are assigned to Vlan 1. So unless you want a physical interface to be in another Vlan than Vlan 1, you don't need to configure anything.

View solution in original post

Richard Burts · ‎02-22-2023

Unlike other ASA where you do configure IP addresses on physical interfaces, the ASA5505 treats the physical interfaces as layer 2 interfaces and you configure IP addresses on the virtual layer 3 vlan interfaces. Have you tried configuring the IP address on interface vlan 1?

HTH

Rick

MHM Cisco World · ‎02-22-2023

check below my comment

Georg Pauwen · ‎02-22-2023

Hello,

does your config look like this:

ciscoasa#sh run
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif Vlan2
security-level 100
ip address 192.168.2.1 255.255.255.0
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside

The result of the command marked in bold should be:

ciscoasa#sh interface ip brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset down down

Ethernet0/1 unassigned YES unset down down

Ethernet0/2 unassigned YES unset down down

Ethernet0/3 unassigned YES unset down down

Ethernet0/4 unassigned YES unset down down

Ethernet0/5 unassigned YES unset down down

Ethernet0/6 unassigned YES unset down down

Ethernet0/7 unassigned YES unset down down

Vlan1 192.168.1.1 YES CONFIG up down

Vlan2 192.168.2.1 YES manual up down

Richard Burts · ‎02-22-2023

BDI interface on ASA5505?

The example config provided by @Georg Pauwen is a quite serviceable config. It establishes 2 vlans, assigns a port to vlan 2 and the other ports default to vlan 1. Each vlan gets a vlan interface with an IP address and subnet mask, which establish the subnet for the vlan. DHCP is configured to assign addresses in vlan 1. It appears to be what the original post was looking for. The one thing that surprised me was the configuration of interface vlan 2. In my experience vlan 2 would typically be treated as outside with a security level of 0. This is not to say that the config is wrong, just that it was a bit surprising.

HTH

Rick

Dandarius · ‎02-23-2023

Yes, it looks very similar to this setup. But how would I configure the IP addresses on, say, Ethernet 0/1 to "192.168.1.2 255.255.255.0"? As it states that "This command can only be configured on VLAN interfaces".

Do I need to enter a dedicated command in order to configure the IP address?

Thanks

Richard Burts · ‎02-23-2023

If we use the config suggested by Georg as the example Ether0/0 is assigned to vlan 2 and Ether0/1 is (by default) in vlan 1. So if you want address 192.168.1.2 to be associated with Ether0/1 you would configure the IP on interface vlan 1.

HTH

Rick

Dandarius · ‎02-24-2023

I've replicated the config used by Georg, but what are the commands used to configure the Ethernet interface on vlan1? (Unless DHCP is auto-enabled by default, in which case is okay).

Richard Burts · ‎02-25-2023

I am puzzled by this " what are the commands used to configure the Ethernet interface on vlan1" Are you referring to the physical interfaces in vlan 1? Or are you referring to the vlan interface?

If you are referring to the physical interfaces they are configured as layer 2 interfaces (assign to a vlan, etc but no IP address). If you are referring to the vlan interface it is configured as layer 3 interface (can have IP address, interface name, security level, etc).

HTH

Rick

Dandarius · ‎02-27-2023

Okay, that makes a lot of sense. I didn't realize that the IP interfaces were Layer 2 devices, my apologies. As I mentioned, I am relatively new to networking, so I didn't exactly understand how it worked. ]Thanks.

Richard Burts · ‎02-27-2023

I would point out that the 5505 is unique in the way that it treats its physical interfaces. All other models of ASA treat the physical interface as a layer 3 interface and you configure the IP address on the physical interface. I am glad that our explanations have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

Georg Pauwen · ‎02-26-2023

Hello,

also, all interfaces by default are assigned to Vlan 1. So unless you want a physical interface to be in another Vlan than Vlan 1, you don't need to configure anything.

MHM Cisco World · ‎02-24-2023

check