Solved: Hi Guddu,

alvinreddy · ‎01-24-2016

Hi Experts,

When I do a show run these are the only options shown..! The problem is that I am unable to configure the interface?

Interface configuration commands:
default      Set a command to its defaults
description Interface specific description
dhcp         Configure parameters for DHCP client
duplex       Configure duplex operation
exit         Exit from interface configuration mode
help         Interactive help for interface subcommands
no           Negate a command or set its defaults
shutdown     Shutdown the selected interface
speed        Configure speed operation

Guddu Prasad · ‎01-26-2016

Hi Alvin,

As I can see that you are in system context and from system context we can allocate the interface to a particular context.
If you want to assign an ip address to interface then we need to go into that particular context then assign the ip address.

In you are senario i can see that gig0/1 and gig0/2 and mamgement interface are allocated to admin context.

First you need to go in to the Admin context using the command changeto context admin then you will be able to assign the ip address.

Example:

In system context:

ciscoasa(config)# sh context
Context Name Class Interfaces URL
*admin default GigabitEthernet0/1,GigabitEthernet0/2 disk0:/admin.cfg

Total active Security Contexts: 1

ciscoasa(config)# changeto context admin

Now we are in admin context:

ciscoasa/admin(config)# sh run int
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
ciscoasa/admin(config)# int GigabitEthernet0/1
ciscoasa/admin(config-if)# name
ciscoasa/admin(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa/admin(config-if)# ip address
ciscoasa/admin(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa/admin(config-if)# ?

Interface configuration commands:
asr-group Configure Asymmetrical Routing group id

ddns Configure dynamic DNS

default Set a command to its defaults

description Interface specific description

dhcp Configure parameters for DHCP client

exit Exit from interface configuration mode

help Interactive help for interface subcommands

ip Configure ip addresses.

ipv6 IPv6 interface subcommands

mac-address Assign MAC address to interface

management-only Dedicate an interface to management. Block thru traffic

nameif Assign name to interface

no Negate a command or set its defaults

security-level Specify the security level of this interface after this

keyword, Eg: 0, 100 etc. The relative security level between

two interfaces determines the way the Adaptive Security

Algorithm is applied. A lower security_level interface is

outside relative to a higher level interface and equivalent

interfaces are outside to each other

shutdown Shutdown the selected interface

Thanks
Guddu

View solution in original post

Marvin Rhoads · ‎01-24-2016

Please share the output of the following commands:

show firewall
show context

We look to see that you are not in transparent mode (first command) nor multi-context (second command).

alvinreddy · ‎01-25-2016

Hi Marvin,

Please view as requested;

CISCOASA# show firewall
Firewall mode: Router
CISCOASA# show context
Context Name      Class      Interfaces           URL
*admin            default    GigabitEthernet0/0, disk0:/admin.cfg
                             GigabitEthernet0/1,
                             GigabitEthernet0/2,
                             Management0/0

Total active Security Contexts: 1
CISCOASA# show flash
--#-- --length-- -----date/time------ path
164 16275456    Oct 15 2010 10:02:08 asa821-k8.bin
165 11348300    Oct 15 2010 12:21:32 asdm-621.bin
166 4096        Jan 01 1980 00:00:00 FSCK0000.REC
    3 4096        Jul 18 2013 04:11:36 log
191 1820        Jul 18 2013 04:11:36 log/recovery-event.202.20130718.041136
   12 4096        Jan 01 2003 00:03:32 crypto_archive
   13 4096        Jan 01 2003 00:04:04 coredumpinfo
   14 43          Oct 02 2014 02:12:04 coredumpinfo/coredump.cfg
168 4096        Jan 01 1980 00:00:00 FSCK0001.REC
169 12105313    Oct 15 2010 12:17:58 csd_3.5.841-k9.pkg
170 4096        Oct 15 2010 12:18:02 sdesktop
193 1462        Oct 15 2010 12:18:02 sdesktop/data.xml
171 2857568     Oct 15 2010 12:18:04 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
172 3203909     Oct 15 2010 12:18:04 anyconnect-win-2.4.1012-k9.pkg
173 4832344     Oct 15 2010 12:18:08 anyconnect-macosx-i386-2.4.1012-k9.pkg
174 5209423     Oct 15 2010 12:18:10 anyconnect-linux-2.4.1012-k9.pkg
175 4096        Jan 01 1980 00:00:00 FSCK0002.REC
176 24576       Jan 01 1980 00:00:00 FSCK0003.REC
177 4096        Jan 01 1980 00:00:00 FSCK0004.REC
178 28672       Jan 01 1980 00:00:00 FSCK0005.REC
179 4096        Jan 01 1980 00:00:00 FSCK0006.REC
180 24576       Jan 01 1980 00:00:00 FSCK0007.REC
181 4096        Jan 01 1980 00:00:00 FSCK0008.REC
182 28672       Jan 01 1980 00:00:00 FSCK0009.REC
183 4096        Jan 01 1980 00:00:00 FSCK0010.REC
184 20480       Jan 01 1980 00:00:00 FSCK0011.REC
185 4096        Jan 01 1980 00:00:00 FSCK0012.REC
186 16384       Jan 01 1980 00:00:00 FSCK0013.REC
187 4096        Jan 01 1980 00:00:00 FSCK0014.REC
188 2724        Oct 02 2014 02:12:04 old_running.cfg
189 2170        Oct 02 2014 02:12:04 admin.cfg

255582208 bytes total (196374528 bytes free)

Marvin Rhoads · ‎01-26-2016

As Guddu mentioned, you need to be in the context that has those interfaces allocated to it in order to be able to configure them.

In your case, the admin context has only Gi0/1 and Gi0/2 (plus M0/0) assigned.

gauraku3 · ‎01-26-2016

Hi Alvin,

Just to add what Guddu has said here.

We have only one context here. ie "admin" context.

Admin context is to be used only for administrative purpose only. I would suggest you to create new contexts on your device and assign interfaces to that new context and then assign Ip.

Please refer to the following documentation more information

Why we should not use admin context as normal context -> http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_contexts.html#90538

how to create new context -> http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_contexts.html#pgfId-1191124

Gaurav Kumar CCIE# 49565
Cisco-TAC Engineer

alvinreddy · ‎02-02-2016

Hi Gaurav,

Thanks for your assistance.

have a nice day.

Guddu Prasad · ‎01-26-2016

Hi Alvin,

As I can see that you are in system context and from system context we can allocate the interface to a particular context.
If you want to assign an ip address to interface then we need to go into that particular context then assign the ip address.

In you are senario i can see that gig0/1 and gig0/2 and mamgement interface are allocated to admin context.

First you need to go in to the Admin context using the command changeto context admin then you will be able to assign the ip address.

Example:

In system context:

ciscoasa(config)# sh context
Context Name Class Interfaces URL
*admin default GigabitEthernet0/1,GigabitEthernet0/2 disk0:/admin.cfg

Total active Security Contexts: 1

ciscoasa(config)# changeto context admin

Now we are in admin context:

ciscoasa/admin(config)# sh run int
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
ciscoasa/admin(config)# int GigabitEthernet0/1
ciscoasa/admin(config-if)# name
ciscoasa/admin(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa/admin(config-if)# ip address
ciscoasa/admin(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa/admin(config-if)# ?

Interface configuration commands:
asr-group Configure Asymmetrical Routing group id

ddns Configure dynamic DNS

default Set a command to its defaults

description Interface specific description

dhcp Configure parameters for DHCP client

exit Exit from interface configuration mode

help Interactive help for interface subcommands

ip Configure ip addresses.

ipv6 IPv6 interface subcommands

mac-address Assign MAC address to interface

management-only Dedicate an interface to management. Block thru traffic

nameif Assign name to interface

no Negate a command or set its defaults

security-level Specify the security level of this interface after this

keyword, Eg: 0, 100 etc. The relative security level between

two interfaces determines the way the Adaptive Security

Algorithm is applied. A lower security_level interface is

outside relative to a higher level interface and equivalent

interfaces are outside to each other

shutdown Shutdown the selected interface

Thanks
Guddu

alvinreddy · ‎02-02-2016

Hi Guddu,

Sorry for my late response, I just want to thank you a million.

You have indeed hit the bulls eye. I manage to achieve the intended outcome on configuring the interface.

Thanks once again & have a good one.

ASA 5540 - config issue