ASA 5505 v9.1 vlans and eth ports not coming up

mguzman4158
Level 1

Hello all, I found a Cisco 5505 that I wanted to play around with and install in my home.  I have Comcast cable and for some odd reason the interfaces and vlans are not coming up and I can't figure out why.  It's a very simple config that I've searched on the internet and is not working for me.

Wireless Cable Modem with extra ports ----> asa5505 ----> PC 

 

interface Ethernet0/0
description outside
switchport access vlan 10

ip address dhcp setroute
!
interface Ethernet0/1
description PC
switchport access vlan 950
!
interface Ethernet0/2
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
no nameif
no security-level
no ip address
!
interface Vlan10
no forward interface Vlan950
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan950
nameif inside
security-level 100
ip address 172.25.25.1 255.255.255.0
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
access-list outside_in extended permit icmp any any echo
access-list outside_in extended deny ip any any log
access-list inside_in extended permit ip any any
access-list inside_in extended deny ip any any log
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic obj_any interface
access-group outside_in in interface outside
access-group inside_in in interface inside

 

I see green lights on the ASA but on the cli all, including the vlans, are shown down/down.  

 

If I plug the PC directly into the same port of the cable modem, the pc gets an IP address and I can go out to the internet.  

 

Is there a special command I need on the ASA?  Thank you for your help in advance.  

1 Accepted Solution

Hi,

With the base license you can only have 3 vlans and one of them can only initiate traffic to one other vlan. The third vlan should have the "no forward interface vlan x" command. Full vlan functionality is only available in the security plus licence.

If you are using just 2 vlans, then remove one and see if your config works.

Have a look at the following doc:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/interface_start_5505.html#87459

 

Thanks

John

**Please rate posts you find helpful**

4 Replies 4

johnd2310
Level 8

Hi,

 

What license do you have on the ASA? The "show version" command will tell you this.

 

 

Thanks

John

**Please rate posts you find helpful**

Hi, 

 


This platform has a Base license. 

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

Thank you, John. 
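
As an added illustration (not part of any post in this thread, and not Cisco code), the Python sketch below checks an ASA 5505 config against the licence rule described in the accepted solution: it reads the licensed VLAN count from the "show version" table, then lists which VLAN interfaces are named, which are unnamed, and which carry "no forward interface". The function names, the abridged sample text, and treating a VLAN interface with a nameif as the ones in use are assumptions of this sketch.

```python
import re

# Constructed samples, abridged from the outputs posted in this thread.
SHOW_VERSION = """\
This platform has a Base license.
VLANs                             : 3              DMZ Restricted
VLAN Trunk Ports                  : 0              perpetual
"""
RUNNING_CONFIG = """\
interface Ethernet0/1
 switchport access vlan 950
!
interface Vlan1
 no nameif
!
interface Vlan10
 no forward interface Vlan950
 nameif outside
!
interface Vlan950
 nameif inside
!
"""

def vlan_limit(show_version):
    """Return (licensed VLAN count, True if the licence is DMZ Restricted)."""
    m = re.search(r"^VLANs\s*:\s*(\d+)\s+(.*)$", show_version, re.M)
    if not m:
        raise ValueError("no 'VLANs' licence line found")
    return int(m.group(1)), "DMZ Restricted" in m.group(2)

def audit_vlans(config, show_version):
    """Compare the VLAN interfaces in a config with the licensed limit."""
    limit, restricted = vlan_limit(show_version)
    vlans, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            name = line.split()[1]
            # Only VlanN stanzas are tracked; physical ports are skipped.
            current = vlans.setdefault(name, {}) if name.startswith("Vlan") else None
        elif current is not None:
            if m := re.fullmatch(r"nameif (\S+)", line):  # "no nameif" does not match
                current["nameif"] = m.group(1)
            elif m := re.fullmatch(r"no forward interface (\S+)", line):
                current["no_forward"] = m.group(1)
    named = [v for v, a in vlans.items() if "nameif" in a]  # assumption: nameif = in use
    blocked = {v: a["no_forward"] for v, a in vlans.items() if "no_forward" in a}
    return {"limit": limit, "named": named, "no_forward": blocked,
            "unnamed": [v for v in vlans if v not in named],
            "over_limit": len(named) > limit,
            "needs_no_forward": restricted and len(named) >= limit and not blocked}
```

Calling audit_vlans(RUNNING_CONFIG, SHOW_VERSION) on the sample reports two named VLANs, Vlan1 as unnamed, and the forwarding restriction from Vlan10 toward Vlan950.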
