Cisco 5506 x Interfaces are not up

shehrozceh
Level 1

My firewall isn't accepting the no shutdown command; I don't even have an option to go into config t mode. I'm sharing the show run information with you guys so you can help me in this regard.

All interfaces are in shutdown state except the mgmt int. This problem occurred after I hard reset my firewall.

 

!
interface GigabitEthernet1/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address

 

This is the output from the show command that I took.


app-agent                   Configure appagent features
asdm                           Disconnect a specific ASDM session
asp                              Configure ASP parameters
blocks                          Set block diagnostic parameters
capture                        Capture inbound and outbound packets on one or more interfaces
capture-traffic             Display traffic or save to specified file
cd                               Change current directory
change-password       Change password
clear                           Reset functions
cluster                        Cluster exec mode commands
configure                    Change to Configuration mode
copy                           Copy from one file to another
cpu general                CPU stats collection tools
crashinfo                    Crash information
crypto                        Execute crypto Commands
debug                        Debugging functions (see also 'undebug')
delete                        Delete a file
dir                              List files on a filesystem
dns                            Update FQDN IP addresses
downgrade                Downgrade the file system and reboot
eject                          Eject a device
eotool                        Change to Enterprise Object Tool Mode
erase                         Erase a filesystem
exit                            Exit this CLI session
expert                        Invoke a shell
failover                       Perform failover operation in Exec mode
file                             Change to File Mode
format                        Format a filesystem
fsck                            Filesystem check
help                            Interactive help for commands
history                        Display the current session's command line history
kill                              Terminate a telnet session
logging                       Configure flash file name to save logging buffer
logout                         Logout of the current CLI session
memory                      Memory tools
mkdir                          Create new directory
more                           Display the contents of a file
no                               Negate a command or set its defaults
nslookup                     Look up an IP address or host name with the DNS servers
packet-tracer             Trace packets in F1 data path
perfmon                     Change or view performance monitoring options
pigtail                         Tail log files for debugging (pigtail)
ping                            Test connectivity from specified interface to an IP address
pmtool                        Change to PMTool Mode
pwd                            Display current working directory
reboot                        Reboot the sensor
redundant-interface   Redundant interface
rename                      Rename a file
rmdir                          Remove existing directory
sftunnel-status           Show sftunnel status
show                          Show running system information
shun                           Manages the filtering of packets from undesired hosts
shutdown                   Shutdown the sensor
system                       Change to System Mode
tail-logs                     Tails the logs selected by the user
test                            Test subsystems, memory, interfaces, and configurations
traceroute                   Find route to remote network
undebug                     Disable debugging functions (see also 'debug')
verify                          Verify a file
vpn-sessiondb           Configure the VPN Session Manager
webvpn-cache           Remove cached object
write                          Write running configuration to memory, network, or terminal

I'm only able to run the above commands from the show output on my Cisco 5506x firewall. Can anybody help regarding how to no shut the gigabit interfaces?

 

Thanks & Regards,

Shehroz Arif


What happens when you try to go to config-mode? And how can it be that the "no shut" is not accepted when you can't go into config-mode?

Please show a console log of what you tried to do.

I have just the commands below to go into configure mode:

 

> configure
disable-https-access                      Disable https access
disable-ssh-access                        Disable ssh access
firewall                                            Change to Firewall Configuration Mode
high-availability                               Change to Configure High-Availability Mode
https-access-list                            Configure the https access list
log-events-to-ramdisk                   Configure Logging of Events to disk
manager                                         Change to Manager Configuration Mode
network                                          Change to Network Configuration Mode
password                                       Change password
ssh-access-list                              Configure the ssh access list
ssl-protocol                                   Configure SSL protocols for https web access.
user                                               Change to User Configuration Mode

> configure

You are running the FTD image. With FTD you cannot configure from the cli (except the very limited bunch of setup commands that you saw).

 

You need to use the GUI to configure interfaces. Either Firepower Device Manager (FDM - local on-box manager) or Firepower Management Center (FMC - remote management server). FDM would be most common for a stand alone ASA 5506.

 

You access FDM via your browser. Open an https session to the ASA's management address.

 

In FDM, go to Device > Interface menu and move the "slider button" to the right to enable an interface (picture below). Then deploy the change to commit it to the device.

 

In FMC it is a setting under the device properties (Devices > Device Management > Interfaces > Edit physical interface).

 

FDM Interface settings.PNG

 

I'm unable to open the web interface. All my interfaces are in shutdown state except the management interface.

Is there any workaround to open the web interface (GUI)?

The issue has now been resolved. Thank you all.

Good day, I have a similar issue. How did you resolve it? Can you please share, I am in a desperate situation.

If you cannot open the management GUI you can re-image the appliance and start from scratch.

Thanks for providing a fast response, Marvin.
Can you please provide a step-by-step procedure for re-installation? I am running ASA with FTD.
Is this one the right link:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

I am a bit confused, because initially I have one os.img file on disk0:, but the procedure demands downloading two: .lfbff and .pkg files. Is this correct?

Yes, follow this section of the procedure you noted:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#id_51368

 

The lfbff file is the ~100 MB boot image for the disk that you tftp download to the appliance. Once it bootstraps, you will then need the ~950 MB pkg file, which can at that point in the installation be copied via http or ftp.

 

Both are available here:

 

https://software.cisco.com/download/release.html?mdfid=286283326&flowid=77251&softwareid=286306337&release=6.1.0.6&relind=AVAILABLE&rellifecycle=&reltype=latest

Thanks for the tip. I have no access to FTP (ports are blocked), so I would try to accomplish the task through USB downloading.