12-23-2017 02:44 AM - edited 02-21-2020 07:01 AM
My firewall isn't accepting the no shutdown command; I don't even have any option to go into config t mode. I'm sharing show run information with you guys so you can help me in this regard.
All interfaces are in shutdown state except the mgmt int. This problem occurred after I hard reset my firewall.
!
interface GigabitEthernet1/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
This is the output from the show command that I took.
app-agent            Configure appagent features
asdm                 Disconnect a specific ASDM session
asp                  Configure ASP parameters
blocks               Set block diagnostic parameters
capture              Capture inbound and outbound packets on one or more interfaces
capture-traffic      Display traffic or save to specified file
cd                   Change current directory
change-password      Change password
clear                Reset functions
cluster              Cluster exec mode commands
configure            Change to Configuration mode
copy                 Copy from one file to another
cpu                  general CPU stats collection tools
crashinfo            Crash information
crypto               Execute crypto Commands
debug                Debugging functions (see also 'undebug')
delete               Delete a file
dir                  List files on a filesystem
dns                  Update FQDN IP addresses
downgrade            Downgrade the file system and reboot
eject                Eject a device
eotool               Change to Enterprise Object Tool Mode
erase                Erase a filesystem
exit                 Exit this CLI session
expert               Invoke a shell
failover             Perform failover operation in Exec mode
file                 Change to File Mode
format               Format a filesystem
fsck                 Filesystem check
help                 Interactive help for commands
history              Display the current session's command line history
kill                 Terminate a telnet session
logging              Configure flash file name to save logging buffer
logout               Logout of the current CLI session
memory               Memory tools
mkdir                Create new directory
more                 Display the contents of a file
no                   Negate a command or set its defaults
nslookup             Look up an IP address or host name with the DNS servers
packet-tracer        Trace packets in F1 data path
perfmon              Change or view performance monitoring options
pigtail              Tail log files for debugging (pigtail)
ping                 Test connectivity from specified interface to an IP address
pmtool               Change to PMTool Mode
pwd                  Display current working directory
reboot               Reboot the sensor
redundant-interface  Redundant interface
rename               Rename a file
rmdir                Remove existing directory
sftunnel-status      Show sftunnel status
show                 Show running system information
shun                 Manages the filtering of packets from undesired hosts
shutdown             Shutdown the sensor
system               Change to System Mode
tail-logs            Tails the logs selected by the user
test                 Test subsystems, memory, interfaces, and configurations
traceroute           Find route to remote network
undebug              Disable debugging functions (see also 'debug')
verify               Verify a file
vpn-sessiondb        Configure the VPN Session Manager
webvpn-cache         Remove cached object
write                Write running configuration to memory, network, or terminal
Only the above commands from the show output am I able to run on my Cisco 5506x firewall. Can anybody help with how to no shut the gigabit interfaces?
Thanks & Regards,
Shehroz Arif
12-23-2017 04:01 AM
What happens when you try to go to config-mode? And how can it be that the "no shut" is not accepted when you can't go into config-mode?
Please show a console-log what you tried to do.
12-23-2017 04:11 AM
I have just these commands below to go into configure mode:
> configure
disable-https-access   Disable https access
disable-ssh-access     Disable ssh access
firewall               Change to Firewall Configuration Mode
high-availability      Change to Configure High-Availability Mode
https-access-list      Configure the https access list
log-events-to-ramdisk  Configure Logging of Events to disk
manager                Change to Manager Configuration Mode
network                Change to Network Configuration Mode
password               Change password
ssh-access-list        Configure the ssh access list
ssl-protocol           Configure SSL protocols for https web access.
user                   Change to User Configuration Mode
> configure
12-23-2017 06:27 AM - edited 12-23-2017 06:39 AM
You are running the FTD image. With FTD you cannot configure from the CLI (except the very limited bunch of setup commands that you saw).
You need to use the GUI to configure interfaces. Either Firepower Device Manager (FDM - local on-box manager) or Firepower Management Center (FMC - remote management server). FDM would be most common for a standalone ASA 5506.
You access FDM via your browser. Open an https session to the ASA's management address.
In FDM, go to Device > Interface menu and move the "slider button" to the right to enable an interface (picture below). Then deploy the change to commit it to the device.
In FMC it is a setting under the device properties (Devices > Device Management > Interfaces > Edit physical interface).
12-25-2017 08:10 PM
I'm unable to open the web interface. All my interfaces are in shutdown state except the management interface.
12-25-2017 08:12 PM
Is there any workaround to open the web interface (GUI)?
12-25-2017 09:43 PM
The issue has now been resolved. Thank you all.
02-06-2018 08:48 PM
02-07-2018 02:30 AM
If you cannot open the management GUI you can re-image the appliance and start from scratch.
02-07-2018 06:43 AM
Thanks for providing a fast response, Marvin.
Can you please provide a step-by-step procedure for re-installation? I am running ASA with FTD.
Is this the right link:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html
I am a bit confused, because initially I have one os.img file on disk0:, but the procedure demands downloading two: .lfbff and .pkg files. Is this correct?
02-07-2018 09:19 AM
Yes, follow this section of the procedure you noted:
The lfbff file is the ~100 MB boot image for the disk that you tftp download to the appliance. Once it bootstraps, you will then need the ~950 MB pkg file, which can at that point in the installation be copied via http or ftp.
Both are available here:
02-07-2018 10:11 AM