Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3873
Views
0
Helpful
2
Replies

ASA Inside Interface (VLAN) Down

Darren Roback
Level 5
Level 5

‎03-19-2013 08:25 AM - edited ‎03-11-2019 06:16 PM

I have an ASA 5505 at a remote location that tunnels back to corporate. I have two VLAN's configured (outside/inside), and have assigned 7 Ethernet ports to the inside interface. We tunnel all traffic back to corporate, but the issue I'm running into is that when nothing is connected to the inside interfaces, the VLAN goes down, and thus the site shows down. Is there a feature on an ASA similar to Autostate that I could disable? Basically I want to ensure the inside interface stays up even when no hosts are connected.

Thx!

Darren

Labels:
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎03-19-2013 12:59 PM

Hi,

I dont think there is no such possibility on an ASA.

I think the IOS devices had a chance to configure "no keepalive" or some such to keep the interface permanently up.

I cant really think of anything else normal than having a device connected there all the time.

I guess the only things to keep an Vlan interface up on an ASA would be to either have a device connected to an Access port of that Vlan or have that Vlan on a trunk interface that is up on the ASA (regardles if there is any hosts on that Vlan)

But with an ASA5505 you will need Security Plus License to get the ability to Trunk to my understanding and it would naturally require alterations if even possible to the current setup.

If you have the Base License I guess you could be as bold to

  • Configure a new Vlan interface (if you have not used the third for some DMZ already)
  • Assing a port to this new Vlan
  • Have a port with the "inside" Vlan
  • Connect the 2 ports with a cable

Now the Vlan interface would always be up. Though I wouldnt really recomend it.

Naturally if someone were to make the mistake to attach the cable between 2 ports of same Vlan we know what would happen

- Jouni

0 Helpful

stasvezhnin
Level 1
Level 1

‎04-03-2020 04:46 AM

to goes up a VLAN, you have to allow this VLAN to trunk!

 

for example:

!

interface Ethernet0/7
switchport trunk allowed vlan 8,203
switchport mode trunk
!
interface Vlan8
nameif inside
security-level 100
ip address 192.168.8.1 255.255.255.0
!
interface Vlan203
nameif outside
security-level 0
ip address 88.11.111.144 255.255.255.240

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card