09-05-2018 01:37 PM - edited 02-21-2020 08:12 AM
Hello all, I found a Cisco 5505 that I wanted to play around with and install in my home. I have Comcast cable and for some odd reason the interfaces and vlans are not coming up and I can't figure out why. It's a very simple config that I've searched for on the internet and it is not working for me.
Wireless Cable Modem with extra ports ----> asa5505 ----> PC
interface Ethernet0/0
 description outside
 switchport access vlan 10
 ip address dhcp setroute
!
interface Ethernet0/1
 description PC
 switchport access vlan 950
!
interface Ethernet0/2
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan10
 no forward interface Vlan950
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan950
 nameif inside
 security-level 100
 ip address 172.25.25.1 255.255.255.0
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
access-list outside_in extended permit icmp any any echo
access-list outside_in extended deny ip any any log
access-list inside_in extended permit ip any any
access-list inside_in extended deny ip any any log
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic obj_any interface
access-group outside_in in interface outside
access-group inside_in in interface inside
I see green lights on the ASA, but on the CLI all of them, including the vlans, are shown as down/down.
If I plug the PC directly into the same port of the cable modem, the PC gets an IP address and I can go out to the internet.
Is there a special command I need on the ASA? Thank you for your help in advance.
09-05-2018 02:00 PM
Hi,
What license do you have on the ASA? The "show version" command will tell you this.
Thanks
John
09-05-2018 02:45 PM
Hi,
This platform has a Base license.
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 10 perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
09-05-2018 04:16 PM
Hi,
With the base license you can only have 3 vlans and one of them can only initiate traffic to one other vlan. The third vlan should have the "no forward interface vlan x" command. Full vlan functionality is only available in the security plus licence.
If you are using just 2 vlans, then remove one and see if your config works.
Have a look at the following doc:
Thanks
John
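Added example, not part of the thread and not Cisco code: a small Python check that applies the Base-license VLAN rule as stated in the answer above to the `interface VlanN` blocks of a saved config. Treating a VLAN as in use when it has a `nameif`, and the function names `parse_vlans` and `check_base_license`, are assumptions of this example.

```python
import re

BASE_MAX_VLANS = 3  # "VLANs : 3 DMZ Restricted" in the thread's show version output

# Constructed sample: only the interface VlanN blocks of the config in the question.
SAMPLE = """\
interface Vlan1
 no nameif
interface Vlan10
 no forward interface Vlan950
 nameif outside
interface Vlan950
 nameif inside
"""

def parse_vlans(config):
    """Map VLAN id -> {'nameif': name or None, 'no_forward': target VLAN id or None}."""
    vlans, vlan = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface Vlan(\d+)", line, re.I):
            vlan = vlans.setdefault(int(m[1]), {"nameif": None, "no_forward": None})
        elif line.lower().startswith("interface "):
            vlan = None  # physical port block: its lines are not VLAN settings
        elif vlan is not None and (m := re.fullmatch(r"nameif (\S+)", line)):
            vlan["nameif"] = m[1]  # "no nameif" does not match, so it stays None
        elif vlan is not None and (m := re.fullmatch(r"no forward interface vlan\s*(\d+)", line, re.I)):
            vlan["no_forward"] = int(m[1])
    return vlans

def check_base_license(vlans):
    """Apply the Base-license rule as stated in the answer; return a list of findings."""
    named = {v: d for v, d in vlans.items() if d["nameif"]}
    restricted = [v for v, d in named.items() if d["no_forward"] is not None]
    findings = []
    if len(named) > BASE_MAX_VLANS:
        findings.append(f"{len(named)} named VLANs exceed the Base limit of {BASE_MAX_VLANS}")
    elif len(named) == BASE_MAX_VLANS and not restricted:
        findings.append("3 named VLANs but none has 'no forward interface'")
    elif len(named) < BASE_MAX_VLANS:
        findings += [f"Vlan{v} has 'no forward interface' with only {len(named)} named VLANs"
                     for v in restricted]
    return findings

if __name__ == "__main__":
    for finding in check_base_license(parse_vlans(SAMPLE)):
        print(finding)
```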
09-06-2018 07:28 AM
Thank you, John.