
No enable command ASA 5508-x

mawg64
Level 1

I got a new 5508-x at work. Out of the box I went through the defaults via the wizard, changing the internal and management IP (already in use somewhere else). Rebooted as instructed, everything looked good. The prompt I get is a > symbol but I'm not in a normal access prompt, no enable command, no access to standard commands, config, etc. I can look at things but can't change anything I need to, like a no shut, config, etc. I can get to a bash shell, even tried a reboot once sudo'd via Linux. Running back through the wizard, not an option. Reset button, nope. No option to start over, definitely no "do-over" option. I can see the status of the interfaces, not via the normal "sho ip int br", but using the provided show network command. They are all shutdown. Just a nice blinky ">". Suggestions?

18 Replies

You can drop into what Cisco calls the Lina cli from FTD by using the command "system support diagnostic-cli" and see the underlying configuration equivalent to the classic ASA bits of code.

 

There is an enable mode but no config mode in that cli though as you cannot change anything from there.

I have dropped into lina with no more control than before. I was watching a reboot of the system and it did have link lights. I opened the connection in MS and I was only getting data sent; there was no data received. Once the ASA was up the lights went dead. I think it's time to google "How to reset it the hard way".

 

If for some reason you end up like me and something isn't quite right with your new ASA 5508-x with FTD and you need to get back to the beginning: I finally found some help and answers on the very bottom under "Uncommon Management Tasks". Then there was a little bit of extra to finish it up. I hope this helps someone, and may you never have to use it.

 

Procedure

Use SSH or the CLI to get in to the box.

Step 1 > expert

                 at the bash prompt sudo and set the time, date and timezone.

Step 2  Delete any managers.  

                > configure manager delete

                If you enabled any feature licenses, you must disable them in Firepower Device Manager before deleting the local manager. Otherwise, those licenses remain assigned to the device in Cisco Smart Software Manager.

                Do you want to continue[yes/no] yes

                Deleting task list

                Manager successfully deleted.

Step 3  > show managers

                 No managers configured.

Step 4  > configure manager local

Step 5  > show managers

                 Managed locally.

 Step 6 Set your system to get a DHCP ip

You can now use a web browser to open the Firepower Management Center.

By clearing the configuration, you will be prompted to complete the device setup wizard.

 

If you still can't log into the web interface

Step 1  > show network 

You should have the default DHCP addresses in the Gateway and for IPv4, or at least in the subnet. 

If not then reset everything to DHCP

Step 2  > configure network ipv4 and/or ipv6 dhcp

This may take some time to run.  Once this is done your management computer should get a DHCP ip.

The addresses in the Gateway and for IPv4 should go back to DHCP.

Check your system to make sure it got a DHCP address.

                If not, set it to DHCP

Once everything is DHCP give it a minute to shuffle and arp. It took me 5 mins before I could log into the web portal. I was getting ready to start all over again. And then like magic it all worked.

LAST THING TO DO!

One at a time, write your configs on each device and reboot after writing. Patience is a virtue. It takes about 5 mins to get back to a normal state and talking to each other.
