Monday, January 2, 2023

Cisco Firepower 2120 ASA 9.16 Upgrade and Change to Appliance Mode

Here's a link regarding the Cisco Firepower (FPR) 2100 upgrade in ASA version 9.12 and earlier (Platform mode). You can only perform the  upgrade via the FXOS CLI and it will remain in Platform mode. You can change to Appliance mode after it has been upgraded to ASA version 9.13 and above.

Here's a link on how to perform the FTD to ASA re-image procedure (and vice versa). This is in case you've received the wrong Firepower appliance image.


You can check the ASA version using the show version command. Notice it's version 9.12 and runs in Platform mode (default).

ciscoasa# show version

 

Cisco Adaptive Security Appliance Software Version 9.12(1)2

Firepower Extensible Operating System Version 2.6(1.113)

Device Manager Version 7.12(1)

 

 

ciscoasa# show fx?

ERROR: % Unrecognized command

 

 

ciscoasa# configure terminal

ciscoasa(config)# fxos ?

 

configure mode commands/options:

  https  Configure FXOS HTTPS options

  snmp   Configure FXOS SNMP options

  ssh    Configure FXOS SSH options

 

You can transfer the ASA image using the scope firmware FX-OS CLI command. Use the show download-task to check the transfer status.

 

Cisco FPR Series Security Appliance

firepower-2120 login: admin

Password:  <Admin123>


firepower-2120# scope firmware

firepower-2120 /firmware # download image ftp://ftpuser@172.27.25.253/cisco-asa-fp2k.9.16.3.19.SPA

Password: <FTP PASSWORD>

Please use the command 'show download-task' or 'show download-task detail' to check download progress.

 

firepower-2120 /firmware # show download-task

 

Download task:

    File Name Protocol Server          Port       Userid          State

    --------- -------- --------------- ---------- --------------- -----

    cisco-asa-fp2k.9.16.3.19.SPA

              Ftp      172.27.25.253            0 ftpuser         Failed

 

firepower-2120 /firmware # show download-task

 

Download task:

    File Name Protocol Server          Port       Userid          State

    --------- -------- --------------- ---------- --------------- -----

    cisco-asa-fp2k.9.16.3.19.SPA

              Tftp     172.27.25.253            0                 Failed

 

 

I tried FTP and FTP file transfer but both failed. I made a search and learned that I encountered an ASA bug. The only way to transfer the image file is via USB (slot beside the CONSOLE port).

 

firepower-2120 /firmware # show fault

Severity  Code     Last Transition Time     ID       Description

--------- -------- ------------------------ -------- -----------

Cleared   F16517   2022-09-13T03:01:59.715    153432 [FSM:STAGE:FAILED]: deleting downloadable cisco-asa-fp2k.9.16.3.19.SPA on local(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:DeleteLocal)

Cleared   F77957   2022-09-13T03:01:59.715    153430 [FSM:STAGE:REMOTE-ERROR]: Result: end-point-failed Code: unspecified Message: End point timed out. Check for IP, port, password, disk space or network access related issues.#(sam:dme:FirmwareDownloaderDownload:DeleteLocal)

Cleared   F999557  2022-09-13T03:01:59.715    153438 [FSM:FAILED]: downloading image cisco-asa-fp2k.9.16.3.19.SPA from 172.27.25.253(FSM:sam:dme:FirmwareDownloaderDownload)

 

firepower-2120# scope firmware

firepower-2120 /firmware # download image usbA:/cisco-asa-fp2k.9.16.3.19.SPA

Please use the command 'show download-task' or 'show download-task detail' to check download progress.

 

firepower-2120 /firmware # show download-task detail

 

Download task:

    File Name: cisco-asa-fp2k.9.16.3.19.SPA

    Protocol: Usb A

    Server:

    Port: 0

    Userid:

    Path:

    Downloaded Image Size (KB): 463204

    Time stamp: 2022-09-13T17:25:39.762

    State: Downloading

    Status: validating and unpacking the image

    Transfer Rate (KB/s): 18528.160156

    Current Task: unpacking image cisco-asa-fp2k.9.16.3.19.SPA on primary(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:UnpackLocal)

 

 

firepower-2120 /firmware # show download-task      

 

Download task:

    File Name Protocol Server          Port       Userid          State

    --------- -------- --------------- ---------- --------------- -----

    cisco-asa-fp2k.9.16.3.19.SPA

              Usb A                             0                 Downloading

 

firepower-2120 /firmware # show download-task

 

Download task:

    File Name Protocol Server          Port       Userid          State

    --------- -------- --------------- ---------- --------------- -----

    cisco-asa-fp2k.9.16.3.19.SPA

              Usb A                             0                 Downloaded    // WAIT FOR STATE: DOWNLOADED TO FULLY DOWNLOAD THE PACKAGE FILE

 

 

firepower-2120 /firmware # show package

Name                                          Package-Vers

--------------------------------------------- ------------

cisco-asa-fp2k.9.12.1.2.SPA                   9.12.1.2

cisco-asa-fp2k.9.16.3.19.SPA                  9.16.3.19

cisco-ftd-fp2k.6.2.1-341.SPA                  6.2.1-341    // DELETE UNUSED FTD PACKAGE

 

firepower-2120 /firmware # delete package cisco-ftd-fp2k.6.2.1-341.SPA

firepower-2120 /firmware # show package   !! WAIT FOR FEW SECONDS TO COMPLETE REMOVE OLD PACKAGE

Name                                          Package-Vers

--------------------------------------------- ------------

cisco-asa-fp2k.9.12.1.2.SPA                   9.12.1.2

cisco-asa-fp2k.9.16.3.19.SPA                  9.16.3.19    // TAKE NOTE OF PACKAGE VERSION

 

firepower-2120 /firmware # scope auto-install

firepower-2120 /firmware/auto-install # install security-pack version 9.16.3.19

 

The system is currently installed with security software package 9.12.1.2, which has:

   - The platform version: 2.6.1.113

   - The CSP (asa) version: 9.12.1.2

If you proceed with the upgrade 9.16.3.19, it will do the following:

   - upgrade to the new platform version 2.10.1.207

   - upgrade to the CSP asa version 9.16.3.19

During the upgrade, the system will be reboot

 

Do you want to proceed ? (yes/no):yes

 

This operation upgrades firmware and software on Security Platform Components

Here is the checklist of things that are recommended before starting Auto-Install

(1) Review current critical/major faults

(2) Initiate a configuration backup

 

Do you want to proceed? (yes/no):yes

 

Triggered the install of software package version 9.16.3.19

Install started. This will take several minutes.

For monitoring the upgrade progress, please enter 'show' or 'show detail' command.

 

firepower-2120 /firmware/auto-install # show

 

Firmware Auto-Install:

    Package-Vers Oper State                   Upgrade State

    ------------ ---------------------------- -------------

    9.16.3.19    Scheduled                    Ready

 

firepower-2120 /firmware/auto-install # show detail

 

Firmware Auto-Install:

    Package-Vers: 9.16.3.19

    Oper State: Scheduled

    Installation Time: 2022-09-14T01:59:56.258

    Upgrade State: Ready

    Upgrade Status:

    Validation Software Pack Status:

    Firmware Upgrade Status:

    Current Task:

 

 

Wait for a few seconds for FRP 2100 to auto reload.

 

Cisco FPR Series Security Appliance

ciscoasa login:

Cisco ASA: CMD=-stop, CSP-ID=cisco-asa.9.12.1.2__asa_001_TSP2621AGGS0CCABCD, FLAG=''

Cisco ASA stopping ...

Cisco ASA stopped successfully.

INIT:

Cisco ASA: CMD=-stop, CSP-ID=cisco-asa.9.12.1.2__asa_001_TSP2621AGGS0CCABCD, FLAG=''

Cisco ASA stopping ...

Sep 14 02:01:14 ciscoasa SF-IMS[27201]: [27201] pmtool:pmtool [ERROR] Unable to connect to UNIX socket at /var/sf/run/PM_Control.sock: No such file or directory

Cisco ASA stopped successfully.

Stopping all devices.

Stopping Octeon Serial Logd...

Stopping Octeon Serial Logd... success

Stopping OpenBSD Secure Shell server: sshd

stopped /usr/sbin/sshd (pid 1490)

done.

Stopping Octeon NPU ...

Stopping Octeon NPU ... failed

Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1688)

acpid.

Stopping system message bus: dbus.

stopping mountd: done

stopping nfsd: .done

Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 30244)

done

Stopping internet superserver: xinetd.

stopping statd: done

Failed to stop kdump!

Stopping crond: OK

Stopping rpcbind daemon...

done.

Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed

done.

Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 3694)

done.

Deconfiguring network interfaces... done.

ip6tables: Setting chains to policy ACCEPT: filter [  OK  ]

ip6tables: Flushing firewall rules: [  OK  ]

ip6tables: Unloading modules: [  OK  ]

iptables: Setting chains to policy ACCEPT: raw filter [  OK  ]

iptables: Flushing firewall rules: [  OK  ]

iptables: Unloading modules: [  OK  ]

SSP-Security-Module is shutting down ...

Wed Sep 14 02:01:26 UTC 2022 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps

Wed Sep 14 02:01:26 UTC 2022 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps

Wed Sep 14 02:01:26 UTC 2022 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down

Sending ALL processes the TERM signal ...

Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...

Sending ALL processes the KILL signal ...

Deactivating swap...

Unmounting local filesystems...

Rebooting... [970793.313649] reboot: Restarting system

 

 

*******************************************************************************

Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Mon 06/17/2019 16:23:23.36 by builder

*******************************************************************************

 

Current image running: Boot ROM0

Last reset cause: ResetRequest (0x00001000)

DIMM_1/1 : Present

DIMM_2/1 : Absent

 

Platform FPR-2120 with 16384 MBytes of main memory

 

WARNING: This board is using a temporary MAC address.

WARNING: The temporary MAC address override value = 00:11:22:33:12:34

WARNING: Please clear this value to use the programmed MAC address.

WARNING: Use the following two CLI commands:

WARNING:   unset MACADDR

WARNING:   sync

 

BIOS has been successfully locked !!

MAC Address: ac:bc:d9:90:bd:00

 

Use BREAK or ESC to interrupt boot.

Use SPACE to begin boot immediately.

                  

 

Located '.boot_string' @ cluster 458394.

 

 

Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.207.SPA"

Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.207.SPA' @ cluster 347763.

 

#####################################################################################

#####################################################################################

 

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication passed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|              LFBFF controller type check passed !!!               |

|                                                                   |

+-------------------------------------------------------------------+

 

Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Jul 21 06:32:09 UTC 2022

kernel_image = 0x8dafdc68, kernel_size=0x6402a0

Image validated

INIT: version 2.88 booting

Starting udev

Hardware tweak APPLIED: Disable SATA Throttle.1

Hardware tweak APPLIED: Disable SATA Throttle.2

Configuring network interfaces... done.

Starting random number generator daemon.

Starting Power Off Shutdown Handler (poshd)

poshd: using FPGA version  and PSEQ version

Starting TAm services ...

Device configuration status = TAM_SUCCESS

TAm Services started successfully

Primary SSD discovered

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1

/dev/sda1: clean, 104/61056 files, 25185/244224 blocks

fsck(/dev/sda1) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2

/dev/sda2: clean, 111/61056 files, 11498/243968 blocks

fsck(/dev/sda2) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3

/dev/sda3: clean, 13/732960 files, 85969/2929664 blocks

fsck(/dev/sda3) returned 0

mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.

fsck from util-linux 2.32.1

[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1

fsck.fat 4.1 (2017-01-24)

/dev/sdb1: 48 files, 206397/1919063 clusters

fsck(/dev/sdb1) returned 0

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

FIPS POST Test Script

NOTICE: The FIPS POST is not run because the FIPS feature is not enabled

INIT: Entering runlevel: 3rst bo

Starting system message bus: dbus.

Starting OpenBSD Secure Shell server: sshd

done.

Starting rpcbind daemon...done.

starting statd: done

Starting Advanced Configuration and Power Interface daemon: acpid.

acpid: starting up with netlink and the input layer

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

Starting DHCP server: .

starting 8 nfsd kernel threads: done

starting mountd: done

Starting ntpd: done

Starting internet superserver: xinetd.

Starting Octeon NPU ...

Starting Octeon NPU ... success

Starting fan control daemon: fancontrol... done.

INFO: beginning of manager_install

INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.207.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA update=false

INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true

INFO: in validating image ...

INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.207.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.207.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.207.SPA size 1296

Done!

Computed Hash   SHA2: 9130e107f1aa8ea50662a5030ce04b08

                      9b5f9f2dc557034d63e1ec55210f7b35

                      097dee327a9df9af7717c0368709db42

                      3467cb651726b6d17d7b31d65cb41234

                     

Embedded Hash   SHA2: 9130e107f1aa8ea50662a5030ce04b08

                      9b5f9f2dc557034d63e1ec55210f7b35

                      097dee327a9df9af7717c0368709db42

                      3467cb651726b6d17d7b31d65cb4abcd

                     

The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.207.SPA verified successfully

INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA size 37136160

Done!

Computed Hash   SHA2: b3f080a08c44e4606e7ddde319c8ba3a

                      649a58ba202b149475250273c48f2326

                      0f9e7d060a620fbb68f56b35a1226e5d

                      1b4a0af4387940803b56475322d71234

                     

Embedded Hash   SHA2: b3f080a08c44e4606e7ddde319c8ba3a

                      649a58ba202b149475250273c48f2326

                      0f9e7d060a620fbb68f56b35a1226e5d

                      1b4a0af4387940803b56475322d7fabcd

                     

The digital signature of the file: fxos-k9-mgmtext.2.10.1.56.SPA verified successfully

INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip

INFO: deleting unnecessary xml file..!!

INFO: deleted unnecessary xml file..!!

INFO: manager_post_install ...

INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.207.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA update=false

INFO: manager_post_install: fxmgr is dummy

INFO: manager_post_install: Linking libraries ...

INFO: manager_post_install: Linking binaries ...

INFO: Creating directory /tmp/chmgr

INFO: creating /isan/apache/chassis-mgr/

INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh

INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf

INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt

INFO: manager_post_install: succesful install chassis mgr

INFO: Trying to add iptables and ip6tables rules ...

INFO: Set up Application Diagnostic Interface ...

INFO: Configure management0 interface ...

 

2022-09-14T02:03:33 [WARN/lldpctl] unknown command from argument 4: `status`

 

INFO: Configure system files ...

INFO: System Name is: ciscoasa

Starting sensors logging daemon: sensord... done.

INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.207.SPA

INFO: Need to validate the image

: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.207.SPA size 73825264

Done!

Computed Hash   SHA2: 0dc26fabc2e1a37cad057537f9dd4391

                      92f03d2d249c31bf025a790d7ae2d2d3

                      6ac796ceb616943e6fda35335d334295

                      990f35850c39ca56e7ddab4eee1234

                     

Embedded Hash   SHA2: 0dc26fabc2e1a37cad057537f9dd4391

                      92f03d2d249c31bf025a790d7ae2d2d3

                      6ac796ceb616943e6fda35335d334295

                      990f35850c39ca56e7ddab4eeeabcd

                     

The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.207.SPA verified successfully

INFO: Creating directory /tmp/npu

INFO: all files are there ...

INFO: console : ttyS0, speed : 9600

INFO: manager_startup: setting up fxmgr apache ...

INFO: manager_startup: Start manager httpd setup...

INFO: manager_startup: using HTTPD_INFO persistent cache

/bin/rm: cannot remove '/tmp/openssl.conf': No such file or directory

 httpdRegister INFO: [httpd.2501 -s -4 10.110.4.104 -n localhost]

 httpdRegister INFO: SKIP httpd syntax check

 httpdRegister INFO: Starting httpd setup/registration...

 httpdRegister INFO: Completed httpd setup/registration!

 INFO: httpdRegister [httpd.2501 script exit]

INFO: manager_startup: Completed manager httpd setup!

INFO: manager_startup: configuring chassis manager

INFO: unconfig older conf files

 httpdAppconf INFO: [httpd.2563 -d /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]

 httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed

 httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied

 INFO: httpdAppconf [httpd.2563 script exit]

 httpdAppconf INFO: [httpd.2595 -V -d /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]

 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf

 INFO: httpdAppconf [httpd.2595 script exit]

INFO: Configuring httpd

 httpdAppconf INFO: [httpd.2644 -V -a /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]

 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf

 INFO: httpdAppconf [httpd.2644 script exit]

INFO: manager_startup: successfully configured chassis mgr

nscd: 2693 monitoring file `/etc/hosts` (1)

nscd: 2693 monitoring directory `/etc` (2)

nscd: 2693 monitoring file `/etc/resolv.conf` (3)

nscd: 2693 monitoring directory `/etc` (2)

Starting crond: OK

FTD

1:/opt/cisco/csp/cores

/opt/cisco/csp/cores 31457280

 

Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.12.1.2__asa_001_TSP2621AGGS0CCABCD, FLAG=''

Cisco ASA booting up ...

INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cspCfg_cisco-asa.9.12.1.2__asa_001_TSP2621AGGS0CCABCD.xml

INFO:INFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.

 

 

ciscoasa login:

Waiting for Application infrastructure to be ready...

Verifying the signature of the Application image...

Sep 14 02:03:59 ciscoasa rst_manager: Reset Manager not required on this platform: 1

Sep 14 02:04:42 ciscoasa port-manager: Alert: Ethernet1/3 link changed to UP

Sep 14 02:04:42 ciscoasa port-manager: Alert: Ethernet1/2 link changed to UP

Sep 14 02:04:42 ciscoasa port-manager: Alert: Ethernet1/1 link changed to UP

 

Cisco ASA: CMD=-upgrade, CSP-ID=cisco-asa.9.16.3.19__asa_001_TSP2621AGGS0CCABCD, FLAG='cisco-asa.9.12.1.2__asa_001_TSP2621AGGS0CCABCD'

Cisco ASA begins upgrade ...

 

 

Verifying signature for cisco-asa.9.16.3.19 ...

Verifying signature for cisco-asa.9.16.3.19 ... success

 

Cisco ASA: CMD=-start, CSP-ID=cisco-asa.9.16.3.19__asa_001_TSP2621AGGS0CCABCD, FLAG=''

Cisco ASA starting ...

Registering to process manager ...

Cisco ASA started successfully.

lina_init_env: memif is not enabled.

System Cores 8 Nodes 1 Max Cores 48

Number of Cores 8

Global Reserve Memory Per Node: 692060160 bytes Nodes=1

 

LCMB: HEAP-CACHE POOL got 683671552 bytes on numa-id=0, virt=0x0000005555600000

 

total_reserved_mem = 1073741824

 

total_heapcache_mem = 683671552

total mem 7168280331 system 7222935552 kernel 54655221 image 0

new 7168280331 old 1073741824 reserve 1757413376 priv new 5465522176 priv old 0

Processor memory:   6908362752

POST started...

POST finished, result is 0 (hint: 1 means it failed)

 

Cisco Adaptive Security Appliance Software Version 9.16(3)19

 

Compiled on Wed 03-Aug-22 05:26 GMT by builders

Platform is FPR-2120

Adding Cavium NIC interface 1 port 0

 

Total NICs found: 4

 

NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1

NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0

NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1

NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1

Sep 14 02:09:23 ciscoasa port-manager: Alert: Internal1/3 link changed to UP

en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 02 MAC: acbc.d990.bd01

en_vtun rev00 Backplane Tap Interface     @ index 03 MAC: 0000.0100.0001

WARNING: Attribute already exists in the dictionary.

Use software crypto.

The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

 

Cisco Adaptive Security Appliance Software Version 9.16(3)19

 

  ****************************** Warning *******************************

  This product contains cryptographic features and is

  subject to United States and local country laws

  governing, import, export, transfer, and use.

  Delivery of Cisco cryptographic products does not

  imply third-party authority to import, export,

  distribute, or use encryption. Importers, exporters,

  distributors and users are responsible for compliance

  with U.S. and local country laws. By using this

  product you agree to comply with applicable laws and

  regulations. If you are unable to comply with U.S.

  and local laws, return the enclosed items immediately.

 

  A summary of U.S. laws governing Cisco cryptographic

  products may be found at:

  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 

  If you require further assistance please contact us by

  sending email to export@cisco.com.

  ******************************* Warning *******************************

Cisco Adaptive Security Appliance Software, version 9.16

Copyright (c) 1996-2022 by Cisco Systems, Inc.

For licenses and notices for open source software used in this product, please visit

http://www.cisco.com/go/asa-opensource

 

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

 

                Cisco Systems, Inc.

                170 West Tasman Drive

                San Jose, California 95134-1706

 

Reading from flash...

!!.WARNING: This command will not take effect until interface 'outside' has been assigned an IPv4 address

*** Output from config line 141, "ip-client outside"

..

Cryptochecksum (unchanged): cb62e249 bf3eb8fa cc728bc1 7d07b9ef

 

INFO: Power-On Self-Test in process.

......................................

INFO: Power-On Self-Test complete.

 

INFO: Starting SW-DRBG health test...

INFO: SW-DRBG health test passed.

Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

 

Trustpoint CA certificate accepted.

Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...

 

Trustpoint CA certificate accepted.

User enable_1 logged in to ciscoasa

ciscoasa: Cryptochecksum: d344c6ff d1849478 4ec0ac2c cc645192

 

11665 bytes copied in 0.850 secs

 

 

It took around 10 mins for the upgrade/boot process to complete.

 

firepower-2120 login: admin

Password: <Admin123>

Successful login attempts for user 'admin' : 1

Cisco Firepower Extensible Operating System (FX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

 

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license.

 

Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.

 

 

firepower-2120# connect asa

Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.

Type help or '?' for a list of available commands.

 

ciscoasa> enable

Password: ********

 

ciscoasa# show version

 

Cisco Adaptive Security Appliance Software Version 9.16(3)19

SSP Operating System Version 2.10(1.207)

Device Manager Version 7.18(1)152

 

Compiled on Wed 03-Aug-22 05:26 GMT by builders

System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.207.SPA"

Config file at boot was "startup-config"

 

ciscoasa up 4 mins 8 secs

 

Hardware:   FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)

 

 

 1: Int: Internal-Data0/1    : address is 000f.b748.4801, irq 0

 3: Ext: Management1/1       : address is acbc.d990.bd01, irq 0

 4: Int: Internal-Data1/1    : address is 0000.0100.0001, irq 0

 

License mode: Smart Licensing

 

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited     

Maximum VLANs                     : 1024          

Inside Hosts                      : Unlimited     

Failover                          : Active/Active 

Encryption-DES                    : Enabled       

Encryption-3DES-AES               : Enabled       

Security Contexts                 : 2             

Carrier                           : Disabled      

AnyConnect Premium Peers          : 3500          

AnyConnect Essentials             : Disabled      

Other VPN Peers                   : 3500          

Total VPN Peers                   : 3500          

AnyConnect for Mobile             : Enabled       

AnyConnect for Cisco VPN Phone    : Enabled       

Advanced Endpoint Assessment      : Enabled       

Shared License                    : Disabled      

Total TLS Proxy Sessions          : 8000          

Cluster                           : Disabled      

 

Serial Number: JAD26091234

Configuration has not been modified since last system restart.

 

 

ciscoasa# show interface ip brief

Interface                  IP-Address      OK?           Method Status      Protocol

Internal-Data0/1           unassigned      YES           unset  up          up 

Ethernet1/1                unassigned      YES           unset  up          up 

Ethernet1/2                unassigned      YES           unset  up          up 

Ethernet1/3                unassigned      YES           unset  up          up 

Ethernet1/4                unassigned      YES           unset  admin down  down

Ethernet1/5                unassigned      YES           unset  admin down  down

Ethernet1/6                unassigned      YES           unset  admin down  down

Ethernet1/7                unassigned      YES           unset  admin down  down

Ethernet1/8                unassigned      YES           unset  admin down  down

Ethernet1/9                unassigned      YES           unset  admin down  down

Ethernet1/10               unassigned      YES           unset  admin down  down

Ethernet1/11               unassigned      YES           unset  admin down  down

Ethernet1/12               unassigned      YES           unset  down        down

Ethernet1/13               unassigned      YES           unset  admin down  down

Ethernet1/14               unassigned      YES           unset  admin down  down

Ethernet1/15               unassigned      YES           unset  admin down  down

Ethernet1/16               unassigned      YES           unset  down        down

Internal-Data1/1           169.254.1.1     YES           unset  up          up 

Management1/1              unassigned      YES           unset  up          up 

 

 

The FXOS mode is still in Platform mode even after the upgrade. You can manually change the FXOS mode using the fxos mode appliance, save config and reload the appliance.

 

ciscoasa# show fxos mode

Mode is currently set to platform

 

ciscoasa# configure terminal

ciscoasa(config)# fxos ?   

 

configure mode commands/options:

  https  Configure FXOS HTTPS options

  mode   Configure FXOS mode

  snmp   Configure FXOS SNMP options

  ssh    Configure FXOS SSH options

ciscoasa(config)# fxos mode ?

 

configure mode commands/options:

  appliance  Configure FXOS mode appliance

ciscoasa(config)# fxos mode appliance    // ASA 9.13 AND ABOVE CODE UPGRADE DOESN'T CHANGE FXOS MODE FROM PLATFORM TO APPLIANCE MODE BY DEFAULT

Mode set to appliance mode

WARNING: The running-config must be saved and the system must

be rebooted for this command to take effect. Upon reboot, the current

configuration will be erased, and the default configuration for

appliance mode will be applied.

ciscoasa(config)# end

ciscoasa# write memory

Building configuration...

Cryptochecksum: 9af5fb7a a7f691ab 1574a29d 9dd5e558

 

11660 bytes copied in 0.910 secs

WARNING: Mode change detected. Upon reboot,

current configuration will be cleared and the default

configuration for appliance mode will be applied.

[OK]

 

ciscoasa# reload    // THE ASA STARTUP-CONFIG WILL BE CLEARED AND CONFIGURED WITH A SYSTEM DEFAULT CONFIG

 

WARNING: Mode change detected. Upon reboot,

current configuration will be cleared and the default

configuration for appliance mode will be applied.

Proceed with reload? [confirm]

ciscoasa#

 

 

***

*** --- START GRACEFUL SHUTDOWN ---

Shutting down Application Agent

Shutting down isakmp

Shutting down sw-module

Shutting down License Controller

Shutting down File system

 

 

***

*** --- SHUTDOWN NOW ---

Process shutdown finished

Rebooting... (status 0x9)

..

lina_monitor pro2022 Sep 14 02:16:03 PMLOG: PM IPC UTILITY: Shutting down all ports

 

<OUTPUT TRUNCATED>


 

The reload took 5 mins to finish.

 

ciscoasa> enable

The enable password is not set.  Please set it now.

Enter  Password: ********

Repeat Password: ********

Note: Save your configuration so that the password can be used for FXOS failsafe access and persists across reboots

("write memory" or "copy running-config startup-config").

 

ciscoasa# show fxos mode

Mode is currently set to appliance


ciscoasa# connect fxos

Configuring session.

.

Connecting to FXOS.

...

Connected to FXOS. Escape character sequence is 'CTRL-^X'.

 

NOTICE: You have connected to the FXOS CLI with read-only privileges.

For admin level privileges connect using 'connect fxos admin'.

Config commands and commit-buffer are not supported in appliance mode.

 

 

d used and distributed under

license.

 

Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.

 

 

firepower-2120# connect asa

Connection with FXOS terminated.

Type help or '?' for a list of available commands.

 

 

ciscoasa# show version

 

Cisco Adaptive Security Appliance Software Version 9.16(3)19

SSP Operating System Version 2.10(1.207)

Device Manager Version 7.18(1)152

 

Compiled on Wed 03-Aug-22 05:26 GMT by builders

System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.207.SPA"

Config file at boot was "startup-config"

 

ciscoasa up 1 min 24 secs

 

Hardware:   FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)

 

 

 1: Int: Internal-Data0/1    : address is 000f.b748.4801, irq 0

 3: Int: Not licensed        : irq 0

 4: Ext: Management1/1       : address is acbc.d990.bd01, irq 0

 5: Int: Internal-Data1/1    : address is 0000.0100.0001, irq 0

 

License mode: Smart Licensing

 

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited     

Maximum VLANs                     : 1024          

Inside Hosts                      : Unlimited     

Failover                          : Active/Active 

Encryption-DES                    : Enabled       

Encryption-3DES-AES               : Enabled       

Security Contexts                 : 2             

Carrier                           : Disabled      

AnyConnect Premium Peers          : 3500          

AnyConnect Essentials             : Disabled      

Other VPN Peers                   : 3500          

Total VPN Peers                   : 3500          

AnyConnect for Mobile             : Enabled       

AnyConnect for Cisco VPN Phone    : Enabled       

Advanced Endpoint Assessment      : Enabled       

Shared License                    : Disabled      

Total TLS Proxy Sessions          : 8000          

Cluster                           : Disabled      

 

Serial Number: JAD26091234

Configuration register is 0x1

Configuration last modified by enable_1 at 02:23:02.449 UTC Wed Sep 14 2022

 

 

Below are the default ASA configuration.

 

ciscoasa# show run

: Saved

 

:

: Serial Number: JAD26091234

: Hardware:   FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)

:

ASA Version 9.16(3)19

!

hostname ciscoasa

enable password ***** pbkdf2

service-module 0 keepalive-timeout 4

service-module 0 keepalive-counter 6

names

no mac-address auto

 

!

interface Ethernet1/1

 nameif outside

 security-level 0

 ip address dhcp setroute

!

interface Ethernet1/2

 nameif inside

 security-level 100

 ip address 192.168.1.1 255.255.255.0

!            

interface Ethernet1/3

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/4

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/5

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/6

 shutdown

 no nameif

 no security-level

 no ip address

!            

interface Ethernet1/7

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/8

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/9

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/10

 shutdown

 no nameif

 no security-level

 no ip address

!            

interface Ethernet1/11

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/12

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/13

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/14

 shutdown

 no nameif

 no security-level

 no ip address

!            

interface Ethernet1/15

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet1/16

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Management1/1

 management-only

 nameif management

 security-level 100

 ip address dhcp setroute

!

ftp mode passive

dns domain-lookup outside

dns server-group DefaultDNS

 name-server 208.67.220.220

 name-server 208.67.222.222

object network obj_any

 subnet 0.0.0.0 0.0.0.0

pager lines 24

mtu outside 1500

mtu inside 1500

mtu management 1500

no failover

no failover wait-disable

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

no arp permit-nonconnected

arp rate-limit 32768

!

object network obj_any

 nat (any,outside) dynamic interface

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

timeout conn-holddown 0:00:15

timeout igp stale-route 0:01:10

user-identity default-domain LOCAL

aaa authentication login-history

http server enable

http 0.0.0.0 0.0.0.0 management

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpoint _SmartCallHome_ServerCA

 no validation-usage

 crl configure

crypto ca trustpoint _SmartCallHome_ServerCA2

 no validation-usage

 crl configure

crypto ca trustpool policy

 auto-import

crypto ca certificate chain _SmartCallHome_ServerCA

 certificate ca 0a0142800000014523c844b500000002

    30820560 30820348 a0030201 0202100a 01428000 00014523 c844b500 00000230

    0d06092a 864886f7 0d01010b 0500304a 310b3009 06035504 06130255 53311230

    

<OUTPUT TRUNCATED>

    6b3c1083 c6addea8 cd168e8d f0073771 9ff2abfc 41f5c18b ec00375d 09e54e80

    effab15c 3806a51b 4ae1dc38 2d3cdcab 1f901ad5 4a9ceed1 706cccee f457f818

    ba841234

  quit

crypto ca certificate chain _SmartCallHome_ServerCA2

 certificate ca 0509

    308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500

    3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164

 

<OUTPUT TRUNCATED>

  

    b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda

    f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31abcd

  quit

telnet timeout 5

ssh stricthostkeycheck

ssh timeout 5

ssh version 2

ssh key-exchange group dh-group14-sha256

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.1.20-192.168.1.254 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

dynamic-access-policy-record DfltAccessPolicy

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum client auto

  message-length maximum 512

  no tcp-inspection

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

!

service-policy global_policy global

prompt hostname context

call-home

 profile License

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination transport-method http

 profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:a8aab95450b804cadd17ffdeeb4d06d2

: end

 

 

Note FPR2100 uses Smart License.

 

ciscoasa# show license summary

 

Smart Licensing is ENABLED

 

Registration:

  Status: REGISTERED

  Smart Account: MY-ACCOUNT

  Virtual Account: Default

  Export-Controlled Functionality: ALLOWED

  Last Renewal Attempt: None

  Next Renewal Attempt: Mar 11 2023 14:02:18 UTC

 

License Authorization:

  Status: AUTHORIZED

  Last Communication Attempt: FAILED

  Next Communication Attempt: Sep 14 2022 02:26:15 UTC

 

 

ciscoasa# show license status

 

Smart Licensing is ENABLED

 

Utility:

  Status: DISABLED

 

Data Privacy:

  Sending Hostname: yes

    Callhome hostname privacy: DISABLED

    Smart Licensing hostname privacy: DISABLED

  Version privacy: DISABLED

 

Transport:

  Type: Callhome

 

Registration:

  Status: REGISTERED

  Smart Account: MY-ACCOUNT

  Virtual Account: Default

  Export-Controlled Functionality: ALLOWED

  Initial Registration: SUCCEEDED on Sep 12 2022 14:02:18 UTC

  Last Renewal Attempt: None

  Next Renewal Attempt: Mar 11 2023 14:02:17 UTC

  Registration Expires: Sep 12 2023 14:00:15 UTC

 

License Authorization:

  Status: AUTHORIZED on Sep 14 2022 02:25:46 UTC

  Last Communication Attempt: FAILED on Sep 14 2022 02:25:46 UTC

    Failure reason: Communication message send error

  Next Communication Attempt: Sep 14 2022 02:26:15 UTC

  Communication Deadline: Dec 11 2022 13:59:27 UTC

 

Export Authorization Key:

  Features Authorized:

    <none>

 

Miscellaneus:

  Custom Id: <empty>

 

 

You can now directly enable/disable interfaces in Appliance mode versus in Platform mode where you perform in FXOS CLI.


ciscoasa# show interface ip brief

Interface                  IP-Address      OK?           Method Status      Protocol

Internal-Data0/1           unassigned      YES           unset  up          up 

Ethernet1/1                unassigned      YES           DHCP   up          up 

Ethernet1/2                192.168.1.1     YES           CONFIG up          up 

Ethernet1/3                unassigned      YES           unset  admin down  down

Ethernet1/4                unassigned      YES           unset  admin down  down

Ethernet1/5                unassigned      YES           unset  admin down  down

Ethernet1/6                unassigned      YES           unset  admin down  down

Ethernet1/7                unassigned      YES           unset  admin down  down

Ethernet1/8                unassigned      YES           unset  admin down  down

Ethernet1/9                unassigned      YES           unset  admin down  down

Ethernet1/10               unassigned      YES           unset  admin down  down

Ethernet1/11               unassigned      YES           unset  admin down  down

Ethernet1/12               unassigned      YES           unset  admin down  down

Ethernet1/13               unassigned      YES           unset  admin down  down

Ethernet1/14               unassigned      YES           unset  admin down  down

Ethernet1/15               unassigned      YES           unset  admin down  down

Ethernet1/16               unassigned      YES           unset  admin down  down

Internal-Data1/1           169.254.1.1     YES           unset  up          up 

Management1/1              10.10.4.2    YES           manual up          up 

 

ciscoasa(config)# interface e1/3

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# interface e1/12

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# end

 

ciscoasa# show interface ip brief

Interface                  IP-Address      OK?           Method Status      Protocol

Internal-Data0/1           unassigned      YES           unset  up          up 

Ethernet1/1                unassigned      YES           DHCP   up          up 

Ethernet1/2                192.168.1.1     YES           CONFIG up          up 

Ethernet1/3                unassigned      YES           unset  up          up 

Ethernet1/4                unassigned      YES           unset  admin down  down

Ethernet1/5                unassigned      YES           unset  admin down  down

Ethernet1/6                unassigned      YES           unset  admin down  down

Ethernet1/7                unassigned      YES           unset  admin down  down

Ethernet1/8                unassigned      YES           unset  admin down  down

Ethernet1/9                unassigned      YES           unset  admin down  down

Ethernet1/10               unassigned      YES           unset  admin down  down

Ethernet1/11               unassigned      YES           unset  admin down  down

Ethernet1/12               unassigned      YES           unset  up          up 

Ethernet1/13               unassigned      YES           unset  admin down  down

Ethernet1/14               unassigned      YES           unset  admin down  down

Ethernet1/15               unassigned      YES           unset  admin down  down

Ethernet1/16               unassigned      YES           unset  admin down  down

Internal-Data1/1           169.254.1.1     YES           unset  up          up 

Management1/1              10.10.4.2    YES           manual up          up  

 

No comments:

Post a Comment