5506-x no switch option as 5505?

leo.espinosa
Level 1

Just bought a new ASA 5506-X to play with it, and found out that the 8 ports cannot be configured as a switch in the same way we do with the ASA 5505.

Is there any option to use the remaining ports as a switch?

Accepted Solution

siracuse@cisco.com
Cisco Employee

Thanks for your comments regarding the Cisco ASA 5506-X next-gen firewall with FirePOWER Services. There have been questions regarding the ASA 5506-X not supporting L2 switch ports and what alternatives to consider to provide this support.

For those instances where customers require L2 switching capabilities with the ASA 5506-X, the following options are available:

  • Cisco recommends an external switch solution through the Cisco Small Business group: an 8-port model (SG110D-08) or a 5-port model (SG110D-05) unmanaged gigabit switch. Both have been tested for compatibility with the ASA 5506-X. For more information about the 110 Series Unmanaged Switches, please refer to the attached document, or visit this site.

  • For those customers looking for a firewall without FirePOWER Services, the ASA 5505 offers integrated L2 switching to meet this requirement. There are no plans at this time to end-of-sale the ASA 5505, and it continues to support the full-featured firewall for small business, branch and enterprise teleworker environments.

The ASA 5506-X brings Cisco's threat-protection capability to small to midsize businesses and distributed enterprises. Added features include:

  • The same next-generation firewall capabilities as our mid- and high-range ASA with FirePOWER Services models, which include Application Visibility and Control (AVC), Advanced Malware Protection (AMP), Next-Gen Intrusion Prevention System (NGIPS), and URL filtering applications via subscription

  • Higher performance and increased throughput (more than 2.5x firewall throughput)

  • A variety of form factors including wired and wireless models, a ruggedized version for industrial control deployments, as well as two high-performance rack mounts.

  • On-box or centralized management for deployment flexibility

  • Hardware security and anti-counterfeiting trust anchor technologies

  • VPN with enhanced mobility support


These are critical capabilities that competing UTM solutions and next-generation firewalls do not have. We have brought this capability to SMBs and branch/remote offices, and it saves organizations money by reducing the number of exploits that succeed and also dramatically lowers remediation costs.


We appreciate the opportunity to assist you and hope this information was helpful.


27 Replies

brremmel
Cisco Employee

Unlike the ASA 5505, the ASA 5506-X does not support switch ports at this time.

Hi Brian, are you a Cisco employee? Do you know the timeframe when support is coming? The 5506 is the successor of the 5505. Pretty weird if you don't get the same (essential) features in the new hardware.

Hi Sander,

Yes, I am a Cisco employee. I'm investigating this and will get back to you.

Thanks,

Brian

Hi,

Is there an update on this? This is a pretty big mess for everyone who was expecting to be able to use the 5506 the same way as the 5505.

Thanks,

Brian,

Have there been any updates on this limitation of the 5506-X, specifically the lack of switch ports? If the ASA 5505 is End-of-Life, and the ASA 5506-X is the recommended replacement, the lack of this functionality is a big non-starter.

It is useful to note that none of the aforementioned "workarounds" in this thread are viable.

-thanks

We sold about ten of these already. Day one we got it and tried to enable the switch and ran into this issue. Contacted TAC and was told that the feature is not available because they are gig ports. So we just decided to combine 200 or 300 SB switches and keep it as a straight firewall device. Firepower features are pretty and a lot faster than the old 5505. More likely Cisco will resolve this, but with no PoE and limited N wifi support I would rather buy a switch and AC-based APs.

Brian:

I respectfully have to disagree...

It's all a matter of knowing how to maneuver around the various options, and the lack of YouTube videos and config examples for real-world configs is very challenging here, to say the least...

This is a very simple accomplishment that will group all the ports into a logical switch and assign each port to a group. We will be using the concept of etherchannels, or port-channels as Cisco defines them... Here is the example.

NOT GROUPED:

interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 192.168.15.13 255.255.255.0

GROUPED:

interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet1/2
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 channel-group 1 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 channel-group 1 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 0
 ip address 192.168.15.13 255.255.255.0
!
interface Port-channel1
 lacp max-bundle 8
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

As you can see, the column labeled "GROUPED" will arrange all the specified ports into a LACP etherchannel group, logically creating two separate segments, much like a VLAN. There are substantial other config items that must be configured in order for this to work successfully; however, it will work and function as an L2 switch, just as described...

I will post more examples and comments as I come across issues that plague me as well...

I would suggest that instead of saying the latest ASA 5506-X does not support switch ports or "X", you may want to fully investigate the broad range of options available to the resource users... Lack of knowledge doesn't constitute the intended use of product support.

There is not much this robust ASA 5506-X platform cannot do, given time, patience and the willingness to not rely on a point-and-click solution.

Our company will be glad to support any users on this platform, of course for a small fee... Please feel free to reach out with your request and we can move forward... This is a great and rock-solid brand new product, which WILL REQUIRE relearning some basic 5505 mentality; but again, no videos, docs or real-world examples are available yet... I think this is probably the first of many to come...

Regards,

Ty Carter, President

Strategic Network Consultants, Inc.

524 East 9th Street

Washington, NC  27889
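The EtherChannel approach posted above can be sanity-checked by parsing the interface stanzas. The following Python script is an added example, not code from the thread or from Cisco: it embeds a constructed, trimmed copy of the GROUPED config, classifies each interface as routed (carrying nameif/ip address) or as a channel-group member, and flags any member that still carries L3 settings (assumed here to be the rule the ASA enforces on channel-group members). The per-bundle summary also makes the limitation visible: Port-channel1's members are one LACP aggregate toward a single partner device, not independent switch ports.

```python
import re
# Constructed sample: the core stanzas of the "GROUPED" config from the post above.
ASA_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 channel-group 1 mode active
 no nameif
!
interface GigabitEthernet1/6
 channel-group 1 mode passive
 no nameif
!
interface Port-channel1
 lacp max-bundle 8
 nameif inside
 ip address 192.168.1.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each 'interface X' stanza to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' (or any other top-level line) closes the stanza
    return stanzas

def audit(config):
    """Classify interfaces as routed (L3) or bundle members; flag members with L3 config."""
    report = {"routed": [], "bundled": {}, "errors": []}
    for name, cmds in parse_interfaces(config).items():
        has_l3 = any(c.startswith(("nameif ", "ip address ")) for c in cmds)
        matches = (re.match(r"channel-group (\d+) mode (\S+)", c) for c in cmds)
        member = next((m for m in matches if m), None)
        if member:  # physical port bundled into Port-channel<N>
            po = "Port-channel" + member.group(1)
            report["bundled"].setdefault(po, []).append((name, member.group(2)))
            if has_l3:  # assumed rule: a channel-group member must not carry nameif/ip
                report["errors"].append(f"{name}: L3 config on a bundle member")
        elif has_l3:
            report["routed"].append(name)
    # One LACP bundle = one logical link to one partner, not N independent switch ports.
    return report
```

Running `audit(ASA_CONFIG)` reports GigabitEthernet1/1 and Port-channel1 as the routed interfaces and Gi1/3 and Gi1/6 as the members of Port-channel1, with no errors.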

Etherchannels will work when you connect the new ASA 5506 to another switch. A matter of adapting, I agree.

However, when there is no switch around, and you see this often in small remote offices/SOHO (4-5 devices), what are you going to do?

Are you going to ask the customer to buy a switch for that??? No good.

The ASA 5505 was cheap, simple and it worked perfect.

To Cisco: If it ain't broke, don't fix it

I don't believe you have to attach the device to another switch... The IOS will create its own grouping internally... I am going to put this to the test tomorrow...

I agree wholeheartedly that it is a definite change in dynamic; but that was not the question posed here... I didn't say I liked it any more than the next person.

We will see where this takes us... at least this is according to the TAC group.

Hi Ty-

Have you actually tested this with a PC connected to a channel-group 1 port?

I have this setup in the lab and ran into the same issues as everyone else. We use the 5505 as a one box solution and this forces us to buy a second switch which kills our design and increases our points of failure not to mention Smartnet fees for two devices. I thought maybe your solution would work for us but I am unable to receive an address via DHCP. We use the ASA for DHCP and when I try to configure the port-channel we never receive an address. Once I remove the port-channel and use a physical interface the ASA assigns the DHCP address no problem. I'm wondering if this was a solution in theory or if it has actually been vetted.

I would like to know this too. I've read countless posts now and the fact that you have to use a kludgy hack to utilize ports on a network device that costs $1500 dollars is absolutely inexcusable. Cisco needs a serious smack in the ass. They are so transparently selfish with their focus on costs and returns; any lay-person can see that they actually sit down and develop ways to intentionally gouge customers.

The simple brainless return on this problem is "now I need to buy a switch", which is exactly what they intended. Now ask yourself what kind of people run this company.

This has to be the worst response I've ever seen. The only conclusion would be to never use Strategic Network Consultants, Inc. for anything, and if this fly-by-night operation is in your area please inform everyone you can to not use this guy.

I created an account just to like Canis' response.

EtherChannels will most certainly not work as a replacement for switchports.

It seems you are assuming the other end of those connections are all to the same device (e.g., another switch).

As hundreds of others have pointed out, the 5505 is in use in SMALL deployments.

Who at Cisco decided a SOHO, or small branch needs 8 ROUTED PORTS!?!?!?!?

I'd really like to see the logic used.  Whether Cisco likes it or not, the real world use case for the 5505 *relies* on those switchports.

To say the "next generation" or "replacement" doesn't support switchports because the original use case only included them as an afterthought completely overlooks the actual use case.

If Ford puts out a truck with a trailer hitch, and the majority of users take advantage of the hitch, why would Ford remove that feature in the next release because they "didn't intend for the truck to actually tow things"?

"Course Correction" is needed on this.
