10-27-2012 03:04 PM - edited 03-11-2019 05:15 PM
hi all,
I have ASA 5505 with base license.
I created 3rd vlan on it.it was created.
but i am unable to assign IP to it.
i assign ip address it takes it.
But when i do sh int ip brief it does not show any ip.
ciscoasa# sh int ip brief
Interface IP-Address OK? Method Status Prot
ocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset administratively down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG up up
Vlan2 192.168.11.2 YES CONFIG up up
Vlan3 unassigned YES manual up up*************************************************************
Virtual0 127.0.0.1 YES unset up up
ciscoasa# config t
ciscoasa(config)# int vlan 3
ciscoasa(config-if)# ip ad
ciscoasa(config-if)# ip address 192.168.12.2 255.255.255.0
ciscoasa(config-if)# end
ciscoasa# wr mem
Building configuration...
Cryptochecksum: 808baaba ced2a226 07cfb41f 9f6ec4f8
4608 bytes copied in 1.630 secs (4608 bytes/sec)
[OK]
ciscoasa# sh int ip brief
Interface IP-Address OK? Method Status Prot
ocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset administratively down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG up up
Vlan2 192.168.11.2 YES CONFIG up up
Vlan3 unassigned YES manual up up
Virtual0 127.0.0.1 YES unset up up
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(9)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 days 17 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 001d.a24d.ed0e, irq 11
1: Ext: Ethernet0/0 : address is 001d.a24d.ed06, irq 255
2: Ext: Ethernet0/1 : address is 001d.a24d.ed07, irq 255
3: Ext: Ethernet0/2 : address is 001d.a24d.ed08, irq 255
4: Ext: Ethernet0/3 : address is 001d.a24d.ed09, irq 255
5: Ext: Ethernet0/4 : address is 001d.a24d.ed0a, irq 255
6: Ext: Ethernet0/5 : address is 001d.a24d.ed0b, irq 255
7: Ext: Ethernet0/6 : address is 001d.a24d.ed0c, irq 255
8: Ext: Ethernet0/7 : address is 001d.a24d.ed0d, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
<--- More --->
Need to know does this License support IP to 3rd vlan ?
Thanks
Mahesh
Solved! Go to Solution.
10-27-2012 03:06 PM
Hello Mahesh,
Do you have already assigned a name-if ?
Have you assigned already a security level?
Base license restriction is regarding the third vlan just being able to innitiate traffic to one other vlan,
Regards,
Julio
10-27-2012 03:19 PM
Hello Mahesh,
That is because you are missing the nameif command, until you assing a nameif command the interface configuration will be complete so it will appear on the show interface ip brief,
As soon as you add nameif xxxxxxx then it will appear
Remember to rate all of the helpful posts
Julio
10-27-2012 03:30 PM
Hello Mahesh,
Correct, that is the restriction I was talking about before
Do the following
interface vlan 3
no forward vlan 1
With the base license you will be able to innitiate traffic from this DMZ to vlan 1 or 2 so choose one of them and use it on the previous command,
Regards,
Remember to rate all of the helpful posts
Julio
10-27-2012 03:06 PM
Hello Mahesh,
Do you have already assigned a name-if ?
Have you assigned already a security level?
Base license restriction is regarding the third vlan just being able to innitiate traffic to one other vlan,
Regards,
Julio
10-27-2012 03:14 PM
Hi Julio,
when i do sh run int vlan 3
it shows
no nameif
security level 50
ip address 192.168.12.2 255.255.255.0
but when i do sh int ip brief it does not show ip to vlan3 ?
can you please tell why is this
10-27-2012 03:19 PM
Hello Mahesh,
That is because you are missing the nameif command, until you assing a nameif command the interface configuration will be complete so it will appear on the show interface ip brief,
As soon as you add nameif xxxxxxx then it will appear
Remember to rate all of the helpful posts
Julio
10-27-2012 03:23 PM
Hi Julio,
I tried to config namef if but here is result
ciscoasa# sh run int vlan 3
!
interface Vlan3
description DMZ to 3550 New Switch
no nameif
security-level 50
ip address 192.168.12.2 255.255.255.0
ciscoasa# config t
ciscoasa(config)# int vlan 3
ciscoasa(config-if)# name
ciscoasa(config-if)# namei
ciscoasa(config-if)# nameif DMZ
ERROR: This license does not allow configuring more than 2 interfaces with
nameif and without a "no forward" command on this interface or on 1 interface(s)
with nameif already configured.
10-27-2012 03:30 PM
Hello Mahesh,
Correct, that is the restriction I was talking about before
Do the following
interface vlan 3
no forward vlan 1
With the base license you will be able to innitiate traffic from this DMZ to vlan 1 or 2 so choose one of them and use it on the previous command,
Regards,
Remember to rate all of the helpful posts
Julio
10-27-2012 03:40 PM
Hi Julio,
It worked like charm.
Regards
Mahesh
10-27-2012 03:42 PM
Hello Mahesh,
Great that I could help
Any other question.. You know where to find us..
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide