01-24-2016 05:10 PM - edited 03-12-2019 12:11 AM
Hi Experts,
When I do a show run these are the only options shown..! The problem is that I am unable to configure the interface?
Interface configuration commands:
default Set a command to its defaults
description Interface specific description
dhcp Configure parameters for DHCP client
duplex Configure duplex operation
exit Exit from interface configuration mode
help Interactive help for interface subcommands
no Negate a command or set its defaults
shutdown Shutdown the selected interface
speed Configure speed operation
Solved! Go to Solution.
01-26-2016 02:33 AM
Hi Alvin,
As I can see that you are in system context and from system context we can allocate the interface to a particular context.
If you want to assign an ip address to interface then we need to go into that particular context then assign the ip address.
In you are senario i can see that gig0/1 and gig0/2 and mamgement interface are allocated to admin context.
First you need to go in to the Admin context using the command changeto context admin then you will be able to assign the ip address.
Example:
In system context:
ciscoasa(config)# sh context
Context Name Class Interfaces URL
*admin default GigabitEthernet0/1,GigabitEthernet0/2 disk0:/admin.cfg
Total active Security Contexts: 1
ciscoasa(config)# changeto context admin
Now we are in admin context:
ciscoasa/admin(config)# sh run int
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
ciscoasa/admin(config)# int GigabitEthernet0/1
ciscoasa/admin(config-if)# name
ciscoasa/admin(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa/admin(config-if)# ip address
ciscoasa/admin(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa/admin(config-if)# ?
Interface configuration commands:
asr-group Configure Asymmetrical Routing group id
ddns Configure dynamic DNS
default Set a command to its defaults
description Interface specific description
dhcp Configure parameters for DHCP client
exit Exit from interface configuration mode
help Interactive help for interface subcommands
ip Configure ip addresses.
ipv6 IPv6 interface subcommands
mac-address Assign MAC address to interface
management-only Dedicate an interface to management. Block thru traffic
nameif Assign name to interface
no Negate a command or set its defaults
security-level Specify the security level of this interface after this
keyword, Eg: 0, 100 etc. The relative security level between
two interfaces determines the way the Adaptive Security
Algorithm is applied. A lower security_level interface is
outside relative to a higher level interface and equivalent
interfaces are outside to each other
shutdown Shutdown the selected interface
Thanks
Guddu
01-24-2016 07:18 PM
Please share the output of the following commands:
show firewall
show context
We look to see that you are not in transparent mode (first command) nor multi-context (second command).
01-25-2016 03:29 PM
Hi Marvin,
Please view as requested;
CISCOASA# show firewall
Firewall mode: Router
CISCOASA# show context
Context Name Class Interfaces URL
*admin default GigabitEthernet0/0, disk0:/admin.cfg
GigabitEthernet0/1,
GigabitEthernet0/2,
Management0/0
Total active Security Contexts: 1
CISCOASA# show flash
--#-- --length-- -----date/time------ path
164 16275456 Oct 15 2010 10:02:08 asa821-k8.bin
165 11348300 Oct 15 2010 12:21:32 asdm-621.bin
166 4096 Jan 01 1980 00:00:00 FSCK0000.REC
3 4096 Jul 18 2013 04:11:36 log
191 1820 Jul 18 2013 04:11:36 log/recovery-event.202.20130718.041136
12 4096 Jan 01 2003 00:03:32 crypto_archive
13 4096 Jan 01 2003 00:04:04 coredumpinfo
14 43 Oct 02 2014 02:12:04 coredumpinfo/coredump.cfg
168 4096 Jan 01 1980 00:00:00 FSCK0001.REC
169 12105313 Oct 15 2010 12:17:58 csd_3.5.841-k9.pkg
170 4096 Oct 15 2010 12:18:02 sdesktop
193 1462 Oct 15 2010 12:18:02 sdesktop/data.xml
171 2857568 Oct 15 2010 12:18:04 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
172 3203909 Oct 15 2010 12:18:04 anyconnect-win-2.4.1012-k9.pkg
173 4832344 Oct 15 2010 12:18:08 anyconnect-macosx-i386-2.4.1012-k9.pkg
174 5209423 Oct 15 2010 12:18:10 anyconnect-linux-2.4.1012-k9.pkg
175 4096 Jan 01 1980 00:00:00 FSCK0002.REC
176 24576 Jan 01 1980 00:00:00 FSCK0003.REC
177 4096 Jan 01 1980 00:00:00 FSCK0004.REC
178 28672 Jan 01 1980 00:00:00 FSCK0005.REC
179 4096 Jan 01 1980 00:00:00 FSCK0006.REC
180 24576 Jan 01 1980 00:00:00 FSCK0007.REC
181 4096 Jan 01 1980 00:00:00 FSCK0008.REC
182 28672 Jan 01 1980 00:00:00 FSCK0009.REC
183 4096 Jan 01 1980 00:00:00 FSCK0010.REC
184 20480 Jan 01 1980 00:00:00 FSCK0011.REC
185 4096 Jan 01 1980 00:00:00 FSCK0012.REC
186 16384 Jan 01 1980 00:00:00 FSCK0013.REC
187 4096 Jan 01 1980 00:00:00 FSCK0014.REC
188 2724 Oct 02 2014 02:12:04 old_running.cfg
189 2170 Oct 02 2014 02:12:04 admin.cfg
255582208 bytes total (196374528 bytes free)
01-26-2016 05:28 AM
As Guddu mentioned, you need to be in the context that has those interfaces allocated to it in order to be able to configure them.
In your case, the admin context has only Gi0/1 and Gi0/2 (plus M0/0) assigned.
01-26-2016 05:40 AM
Hi Alvin,
Just to add what Guddu has said here.
We have only one context here. ie "admin" context.
Admin context is to be used only for administrative purpose only. I would suggest you to create new contexts on your device and assign interfaces to that new context and then assign Ip.
Please refer to the following documentation more information
Why we should not use admin context as normal context -> http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_contexts.html#90538
how to create new context -> http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_contexts.html#pgfId-1191124
Gaurav Kumar CCIE# 49565
Cisco-TAC Engineer
02-02-2016 02:11 PM
Hi Gaurav,
Thanks for your assistance.
have a nice day.
01-26-2016 02:33 AM
Hi Alvin,
As I can see that you are in system context and from system context we can allocate the interface to a particular context.
If you want to assign an ip address to interface then we need to go into that particular context then assign the ip address.
In you are senario i can see that gig0/1 and gig0/2 and mamgement interface are allocated to admin context.
First you need to go in to the Admin context using the command changeto context admin then you will be able to assign the ip address.
Example:
In system context:
ciscoasa(config)# sh context
Context Name Class Interfaces URL
*admin default GigabitEthernet0/1,GigabitEthernet0/2 disk0:/admin.cfg
Total active Security Contexts: 1
ciscoasa(config)# changeto context admin
Now we are in admin context:
ciscoasa/admin(config)# sh run int
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
ciscoasa/admin(config)# int GigabitEthernet0/1
ciscoasa/admin(config-if)# name
ciscoasa/admin(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa/admin(config-if)# ip address
ciscoasa/admin(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa/admin(config-if)# ?
Interface configuration commands:
asr-group Configure Asymmetrical Routing group id
ddns Configure dynamic DNS
default Set a command to its defaults
description Interface specific description
dhcp Configure parameters for DHCP client
exit Exit from interface configuration mode
help Interactive help for interface subcommands
ip Configure ip addresses.
ipv6 IPv6 interface subcommands
mac-address Assign MAC address to interface
management-only Dedicate an interface to management. Block thru traffic
nameif Assign name to interface
no Negate a command or set its defaults
security-level Specify the security level of this interface after this
keyword, Eg: 0, 100 etc. The relative security level between
two interfaces determines the way the Adaptive Security
Algorithm is applied. A lower security_level interface is
outside relative to a higher level interface and equivalent
interfaces are outside to each other
shutdown Shutdown the selected interface
Thanks
Guddu
02-02-2016 02:10 PM
Hi Guddu,
Sorry for my late response, I just want to thank you a million.
You have indeed hit the bulls eye. I manage to achieve the intended outcome on configuring the interface.
Thanks once again & have a good one.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide