cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1179
Views
0
Helpful
5
Replies

Active-Active Failover Error

johnlloyd_13
Level 9
Level 9

hi all,

i'm trying to create an active-active failover scenario in GNS3 and encountered this error:

ASA1/admin(config)# interface GigabitEthernet0.1

ASA1/admin(config-if)# nameif inside

ERROR: VLAN must be configured for interface GigabitEthernet0.1

i've tried searching and read it's due to a license issue. i seem to have the right license but i could be mistaken.

please advise how to correct this and be able to assign nameif on interfaces for different contexts.

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 100            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

VPN-DES                           : Enabled        perpetual

VPN-3DES-AES                      : Enabled        perpetual

Security Contexts                 : 2              perpetual

GTP/GPRS                          : Disabled       perpetual

AnyConnect Premium Peers          : 5000           perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 5000           perpetual

Total VPN Peers                   : 0              perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

ASA1/admin# sh run

: Saved

:

ASA Version 8.4(2) <context>

!

hostname ASA1

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0.1

no nameif

security-level 100

ip address 192.168.1.10 255.255.255.0 standby 192.168.1.11

!

interface GigabitEthernet1.1

no nameif

security-level 0

ip address 209.165.200.226 255.255.255.224 standby 209.165.200.227

!

pager lines 24

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

user-identity default-domain LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh timeout 5

no threat-detection statistics tcp-intercept

!

!

Cryptochecksum:57191e590c98e3c8310e7f9469c9dd52

: end

1 Accepted Solution

Accepted Solutions

Hello John,

Do it from the system context!

Remember to rate all of the helpful posts..

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

5 Replies 5

Julio Carvajal
VIP Alumni
VIP Alumni

Hello John,

The error is not related to Active/Active failor nor licenses.

You are trying to configure a sub-interface and for that to happen you must assign a VLAN tag to it:

interface gig 0.1

vlan #

Afterwards let us know,

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio,

I believe I've tried that command earlier but it wasn't accepted.

Let me double check again when I get back to my PC.

Sent from Cisco Technical Support iPhone App

Hello John,

Do it from the system context!

Remember to rate all of the helpful posts..

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

julio,

sorry for being such a noob. thanks for your help!

ASA1/admin# changeto context system

ASA1# configure terminal

ASA1(config)# interface gigabitethernet0.1

ASA1(config-subif)# ?

Interface configuration commands:

  default      Set a command to its defaults

  description  Interface specific description

  exit         Exit from interface configuration mode

  help         Interactive help for interface subcommands

  no           Negate a command or set its defaults

  shutdown     Shutdown the selected interface

  vlan         Configure VLAN identifier

ASA1(config-subif)# vlan 10

ASA1(config-subif)# interface gigabitethernet1.1

ASA1(config-subif)# vlan 20

ASA1(config-subif)# show run interface gigabitethernet0.1

!

interface GigabitEthernet0.1

vlan 10

ASA1(config-subif)# show run interface gigabitethernet1.1

!

interface GigabitEthernet1.1

vlan 20

ASA1(config-subif)# end

ASA1# changeto context admin

ASA1/admin# configure terminal

ASA1/admin(config)# interface GigabitEthernet0.1

ASA1/admin(config-if)# nameif inside

ASA1/admin(config-if)# interface GigabitEthernet1.1

ASA1/admin(config-if)# nameif outside

ASA1/admin(config-if)# show run interface GigabitEthernet0.1

!

interface GigabitEthernet0.1

nameif inside

security-level 100

ip address 192.168.1.10 255.255.255.0 standby 192.168.1.11

ASA1/admin(config-if)# show run interface GigabitEthernet1.1

!

interface GigabitEthernet1.1

nameif outside

security-level 0

ip address 209.165.200.226 255.255.255.224 standby 209.165.200.227

Hello,

Hey man my pleasure to help and come on you are far away from a noob.

I have seen you answering a lot of questions lately, you are learning a lot man.

Keep it up!

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: