08-06-2014 09:33 AM - edited 03-11-2019 09:35 PM
08-06-2014 09:49 AM
Hi,
If you are configuring sub interfaces on the ASA they should be configured in the following way
interface Ethernet0/0.100
vlan 100
nameif <name>
security-level <level>
ip address <ip> <mask>
Are you sure that you have configured the "vlan" under the sub interface before you try to configure "nameif" or any other parameters? I wonder if having the firewall in Transparent mode would affect this also? Or is the firewall in its default Routed mode?
Also with regards to your software level problem. I would presume that the problem is that you have not removed the higher level software from the boot settings
Try the command
show run boot
If you can see the file for the software 9.0 mentioned then remove it. It might be first on the list and then after that the 8.2 and because of that the new software might still be booting up.
Hope this helps :)
- Jouni
08-06-2014 10:29 AM
08-06-2014 10:45 AM
The interface that you want to create sub interfaces should look like this
int eth0/0
no nameif
security-level XX <-- what ever level you want here
no ip address
now add the sub-interfaces
interface Ethernet0/0.100
description Interface to ???
vlan 100
nameif XXX <-- what you want to name it
security-level XX <-- what ever security level you want
ip address <ipaddress> <Mask>
no shut
hope this helps
mike
08-06-2014 10:50 AM
Sorry it does not HAVE to be that.... I was just seeing if that worked for you.
Can you post the config for that port?
Also check to make sure the main port is not shutdown
Mike
08-07-2014 03:45 AM
ASA Version 9.0(3)
!
hostname BUFW7001
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 522
speed 100
duplex full
!
interface Ethernet0/1
switchport access vlan 523
speed 100
duplex full
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan522
nameif Inside_Int
security-level 100
ip address 10.204.51.57 255.255.255.248
!
interface Vlan523
nameif Outside_Int
security-level 0
ip address 10.209.47.1 255.255.255.252
!
boot system disk0:/asa825-k8.bin
ftp mode passive
08-07-2014 05:08 AM
Hi,
You wont be able to create subinterfaces on the ASA5505 model as its a firewall with a built in switch module. Therefore it acts like a L3 switch and you configure Vlan interfaces instead of subinterfaces of actual physical ports. Seems there was some missunderstanding related to the ASA model. ASA5505 has switch ports and you can configure Trunk interfaces with the proper license (Security Plus). No other basic ASA model (other than the FWSM and ASASM) support Vlan interface to my understanding.
Depending if the ASA is using Base License or Security Plus license your allowed Vlan interface limit may vary. On the Base License its 3 vlans (of which one is resricted) and on Security Plus I think the limitation was 20 Vlans.
Hope this helps :)
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide