Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1292
Views
0
Helpful
4
Replies

VRF interfaces down on ASA module

Little Bunny
Level 2
Level 2

‎11-29-2017 06:50 PM - edited ‎02-21-2020 06:52 AM

Hello

 

I just attempted to move a couple of VRF vlans from an ACE module to an ASA module but for some reason the vlans were showing as 'down' on the ASA:

 

al1asam/act/pri# sh int vlan 2100

Interface Vlan2100 "", is down, line protocol is down
Hardware is EtherSVI, BW 10000 Mbps, DLY 1000 usec
Available for allocation to a context

*******

ANGUHUB22(config)#no svclc vlan-group 9 2100
ANGUHUB22(config)#no svclc vlan-group 9 2101
ANGUHUB22(config)#firewall vlan-group 4 2100
ANGUHUB22(config)#firewall vlan-group 4 2101

 

ANGUHUB22#sh module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 8 CEF720 8 port 10GE with DFC WS-X6708-10GE 
2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE 
4 3 ASA Service Module WS-SVC-ASA-SM1 
5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G 
6 8 Network Analysis Module WS-SVC-NAM-2-250S 
9 1 Application Control Engine Module ACE30-MOD-K9 

***************************

Anyone know why they're showing as 'down'? Let me know if you need more config snippets.

 

Thanks

LB

Labels:
0 Helpful
4 Replies 4

Bogdan Nita
VIP Alumni
VIP Alumni

‎11-30-2017 01:48 AM

Did you apply the vlan group to the ASA module ?

It looks like you have the ASA on slot 4, so it should be something like this:

firewall module 4 vlan-group 4

0 Helpful

Little Bunny
Level 2
Level 2
In response to Bogdan Nita

‎11-30-2017 09:08 AM

Hi Bogdan

 

Yes I removed it from the ACE module and added it to the ASA module:

 

ANGUHUB22(config)#no svclc vlan-group 9 2100
ANGUHUB22(config)#no svclc vlan-group 9 2101
ANGUHUB22(config)#firewall vlan-group 4 2100
ANGUHUB22(config)#firewall vlan-group 4 2101

 

Thanks

Amy

0 Helpful

Little Bunny
Level 2
Level 2
In response to Bogdan Nita

‎11-30-2017 09:10 AM - edited ‎11-30-2017 09:12 AM

Ah just re-read your note, yes the vlan group was already applied and has other VRF vlans successfully running on it.

 

ANGUHUB22#sh run | i firewall
firewall multiple-vlan-interfaces
firewall module 4 vlan-group 4
firewall vlan-group 4 13-17,21,26,36,62-69,90,93-95,98,121,132,137,153,155,157,186,190-193
firewall vlan-group 4 195-197,288,300,301,304,401,402,408,529-534,536,542-544,548,575-577,594-596
firewall vlan-group 4 600,602-607,609-611,620-625,631-634,671-673,699,700,703-707,709-726,729-732
firewall vlan-group 4 753,760-763,766,768-770,773-776,1649,1650,1711-1721,1940-1943,1946
firewall vlan-group 4 1949-1953,1956,1959,2020,2021,2040-2051,2121-2123,2175,2176,3082,3083,3098
firewall vlan-group 4 3133,3207,3470-3473

 

Thanks

Amy

0 Helpful

Little Bunny
Level 2
Level 2
In response to Little Bunny

‎12-07-2017 03:29 PM

Anyone have any ideas?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card