04-09-2013 01:31 PM - edited 03-11-2019 06:25 PM
Hi Everyone,
I am trying to setup intervlan routing with a Cisco ASA 5510 and two 2960-S switches. The 5510 currently is using ASA Version 7.0(2) and has a base license. I tried to create a sub interface today based on some info I found regarding the routing piece and it didn't recognize the command. I'm thinking I may need to update the IOS code or the license on the firewall. I know the syntax was correct because I looked it up and found it in a Cisco document. Please help...
Thanks,
Craig
04-09-2013 01:45 PM
Hi,
Your software is one of the very first softwares to the ASA to my understanding.
The software 7.0(1) should be the first software after the jump from PIX 6.3(5) software level where interface configuration format was totally different and was split in many parts all around the CLI configuration.
Still I imagine you should be able to configure subinterfaces
The format should be
interface FastEthernet0/0
description Trunk
no nameif
no security-level
no ip add
interface FastEthernet0/0.100
description LAN
vlan 100
nameif lan
security-level 100
ip add 10.10.100.1 255.255.255.0
interface FastEthernet0/0.200
description DMZ
vlan 200
nameif dmz
security-level 50
ip add 10.10.200.1 255.255.255.0
Or something to that direction.
Did you try some configuration like above?
- Jouni
04-09-2013 01:47 PM
Hi Jouni,
Yes. That is the config that I tried to put in place. It tells me that the Ethernet0/2.3 part of the config is not recognized...
Thanks,
Craig
04-09-2013 01:52 PM
So what does the ASA say if you do the following
interface Ethernet0/2?
I mean looking at the options directly after "2"
For example and ASA5520 gives this (8.2 software level)
ASA(config)# interface GigabitEthernet 0/0?
configure mode commands/options:
. : <0-3>
- Jouni
04-09-2013 01:53 PM
Hello Craig,
Can you share a 'show version', also what error message do you get?
Regards,
Felipe.
04-09-2013 01:56 PM
Hello,
Can you share a show interface and then show us the commands you are setting?
Regards
04-09-2013 02:00 PM
Also,
Were you in the right configuration mode?
ASA> enable
ASA# configure terminal
ASA(config)#
- Jouni
04-10-2013 11:29 AM
Hi Everyone,
I pasted below an output from putty... I tried conf t, then int Ethernet0/2.3, then it gave the error message. I can go to interface Ethernet0/2 just fine, it just doesn't like the sub interface commands...
LYSMcM-ASA# conf t
LYSMcM-ASA(config)#
LYSMcM-ASA(config)# int Ethernet0/2.3
^
ERROR: % Invalid input detected at '^' marker.
LYSMcM-ASA(config)#
04-10-2013 11:33 AM
Hello Craig,
Can you share show curpriv?
04-10-2013 11:40 AM
Hi Everyone,
Here is the show ver...
LYSMcM-ASA# sh ver
Cisco Adaptive Security Appliance Software Version 7.0(2)
Compiled on Fri 15-Jul-05 22:55 by builders
System image file is "disk0:/asa702-k8.bin"
Config file at boot was "startup-config"
LYSMcM-ASA up 13 days 20 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 64MB
<--- More --->
BIOS Flash AT49LW080: @ 0xffe00000, 1024KB
<--- More --->
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : ?CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.03
0: Ext: Ethernet0/0 : address is 0012.d948.ffee, irq 9
1: Ext: Ethernet0/1 : address is 0012.d948.ffef, irq 9
2: Ext: Ethernet0/2 : address is 0012.d948.fff0, irq 9
3: Ext: Not licensed : irq 9
4: Ext: Management0/0 : address is 0012.d948.fff2, irq 11
<--- More --->
5: Int: Not licensed : irq 11
6: Int: Not licensed : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs : 0
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
<--- More --->
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 50
This platform has a Base license.
Serial Number: JMX0941K0F4
Running Activation Key: 0x9208de4d 0xd89ae8d4 0xcc316c18 0x8d28dc2c 0xc43aeb87
Configuration register is 0x1
Configuration last modified by enable_15 at 10:45:29.041 EST Wed Apr 10 2013
04-10-2013 11:42 AM
Craig,
This is a license issue:
Maximum Physical Interfaces : 4
Maximum VLANs : 0
You need security plus
Regards,
Felipe.
04-10-2013 11:43 AM
The sh curpriv command shows that I'm at priviledge level 15.... I don't think that is the problem...
04-10-2013 11:44 AM
There you go,
License problem 0 vlans.
04-10-2013 02:51 PM
Craig,
If you don't have more questions please mark the post as answered so future users can learn from this.
Regards,
Felipe.
04-12-2013 10:29 AM
Hi Everyone,
I just want to make sure that I have the correct part number for the license. I need Part# L-ASA5510-SEC-PL= right?
Thanks,
Craig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide