
ASA 9.6 bridge group not available

Heiko2
Level 1

I have some ASA 5506-X on version 9.6(2). I have read that it should be possible to set up some Gi interfaces as a bridge group.

All firewalls are in routed mode. As described, I configured a Gi interface, but inside the config the command bridge-group is not available. So I tried to set up the BVI interface first, but bvi after interface is also invalid.

Here is the PuTTY output:

 

gate-ffm(config)# int gi1/6
gate-ffm(config-if)# ?

Interface configuration commands:
authentication authentication subcommands
bfd BFD interface configuration commands
channel-group Etherchannel/port bundling configuration
cts Configure interface specific CTS settings
ddns Configure dynamic DNS
default Set a command to its defaults
delay Specify interface throughput delay
description Interface specific description
dhcp Configure parameters for DHCP client
dhcprelay Configure DHCP Relay Agent
duplex Configure duplex operation
exit Exit from interface configuration mode
flowcontrol Configure flowcontrol operation
hello-interval Configures EIGRP-IPv4 hello interval
help Description of the interactive help system
help Interactive help for interface subcommands
hold-time Configures EIGRP-IPv4 hold time
igmp IGMP interface commands
ip Configure the ip address
ipv6 IPv6 interface subcommands
isis IS-IS commands
lacp LACP interface subcommands
mac-address Assign MAC address to interface
management-only Dedicate an interface to management. Block thru traffic
mfib Interface Specific MFIB Control
multicast Configure multicast routing
nameif Assign name to interface
no Negate a command or set its defaults
nve-only Dedicate an interface to source-interface of a NVE. Block
thru traffic
ospf OSPF interface commands
pim PIM interface commands
policy-route Enable policy based routing
pppoe Configure parameters for PPPoE client
rip Router Information Protocol
security-level Specify the security level of this interface after this
keyword, Eg: 0, 100 etc. The relative security level between
two interfaces determines the way the Adaptive Security
Algorithm is applied. A lower security_level interface is
outside relative to a higher level interface and equivalent
interfaces are outside to each other
shutdown Shutdown the selected interface
speed Configure speed operation
split-horizon Configures EIGRP-IPv4 split-horizon
summary-address Configures EIGRP-IPv4 summary-address
zone-member Associate interface to a zone
gate-ffm(config-if)# exit
gate-ffm(config)# interface ?

configure mode commands/options:
GigabitEthernet GigabitEthernet IEEE 802.3z
Management Management interface
Port-channel Ethernet Channel of interfaces
Redundant Redundant Interface
vni VNI Interface
<cr>

 

What's wrong?

 


balaji.bandi
Hall of Fame

Have you tried setting up the BVI interface first and later adding the physical interface to the bridge group number?

 

BB


Yes, both. I tried

interface bvi 1

at first and got bvi as invalid.

And I tried

interface Gi 1/6

bridge-group 1

and I got bridge-group as invalid.

Can you post the output below?

show version

show firewall (I believe you are running in routed mode; that is the reason you were not seeing the BVI configuration).

Firewall mode: Router

If it is router mode, you need to convert to transparent:

config t

firewall transparent

!

end

 

show firewall :

Firewall mode: Transparent

 

Now you go and type in config mode:

config t 

 

ciscoasa(config)# interface ?

configure mode commands/options:
BVI Bridge-Group Virtual Interface
GigabitEthernet GigabitEthernet IEEE 802.3z
Management Management interface
Redundant Redundant Interface
vni VNI Interface
<cr>

 

Hope this information helps you.

Note: if it is in production, make sure you understand the risk before converting from router to transparent. Once you convert to transparent, all the configuration will be overridden and you need to do all the config again. So take a backup and configure in a change window.

BB
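
For reference, a minimal transparent-mode bridge-group configuration of the kind the answer above leads to, as an added example that is not part of the original post. GigabitEthernet1/6 is the port from the question; GigabitEthernet1/1, the interface names, the backup filename and the 192.0.2.0/24 address are assumptions chosen for illustration.

```text
! Added example with constructed values, not taken from the thread.
! 1. From privileged EXEC, save the routed-mode configuration first,
!    because "firewall transparent" clears the running configuration.
copy running-config disk0:/routed-backup.cfg
!
! 2. Switch modes, then confirm with "show firewall".
configure terminal
firewall transparent
!
! 3. Put the member ports into the bridge group. Each port keeps its own
!    name and security level, so access rules still apply between them.
interface GigabitEthernet1/1
 bridge-group 1
 nameif outside
 security-level 0
 no shutdown
!
interface GigabitEthernet1/6
 bridge-group 1
 nameif inside
 security-level 100
 no shutdown
!
! 4. The BVI carries the IP address of the bridge group. It must sit in
!    the same subnet as the hosts on the bridged ports.
interface BVI1
 ip address 192.0.2.2 255.255.255.0
end
```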

Hello and thanks. Yes, all my firewalls are running in routed mode. So there is no way to use more than one interface in routed mode?

So I have to create as many subnets as I want to use interfaces? Is that right?

This is not useful. And in transparent mode I need an additional router behind. And this all for a small office with 12 devices in all.

ASA is no longer a recommended device.
