Shutdown interface on an ASA.

Unanswered Question
Nov 18th, 2008

Hey all. This must be a pretty straightforward query...

When you 'shutdown' an ASA interface, the status is 'administratively shutdown' but physically the link is still 'up' (link LED on the ASA and the switch it connects to!). Why? On a router or switch, a 'shutdown' will physically shut the port down (link LEDs off). Any idea why this is different on an ASA?

I look forward to your comments.

ajagadee Tue, 11/18/2008 - 05:55

Hi Darren,

The below explanation should answer your question.

In IOS:

Show interface ethernet

line protocol is {up | down | administratively down} - Indicates whether the software processes that handle the line protocol believe the interface is usable (that is, whether keepalives are successful) or if it has been taken down by an administrator.

http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoin.html#wp1056673

In ASA,

Show interface Gig

Line protocol is state

The line status, as follows:

• up - A working cable is plugged into the network interface.

• down - Either the cable is incorrect or not plugged into the interface connector.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1283345

From a Lab Chassis:

ciscoasa# sh run int gi0/0
!
interface GigabitEthernet0/0
shutdown
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.252
ciscoasa#
ciscoasa# sh int gi0/0
Interface GigabitEthernet0/0 "outside", is administratively down, line protocol
is up
Hardware is i82546GB rev03, BW 1000 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

Regards,

Arul

**Pls rate if it helps**

dazza_johnson Tue, 11/18/2008 - 06:01

Hi Arul, many thanks for your response. My query was more to do with 'why' the interface is not shutdown physically, like the switch/router. I know this is done by software, but wondered if there was a reason why the ASA is different to the switch/router when it comes to shutdown?

Any ideas?

ryderse69 Fri, 07/13/2012 - 13:18

I didn't see this answered and I just found myself with this same issue so I thought I'd add a bit to this. I know it's a bit dated so I hope no one minds.

The difference is simply how IOS treats 'shutdown' compared to the ASA. The effect is not the same across both platforms.

In IOS, shutdown will shut off all SW processes related to the line protocol (among other things) and therefore the Line state goes down.

In the ASA world, it's not the same. When you admin shut an interface on an ASA it does not disable SW processes related to the line protocol.

In the ASA world, the meaning of 'line up/down' is also different than IOS. For ASA, 'line down' means there is no physical connection on that interface or it's the wrong type of cable and that's it. It does not indicate, one way or the other, the status of the SW processes related to the line protocol. IOS does indicate this however.

IOS

line protocol is {up | down | administratively down}

Indicates whether the software processes that handle the line protocol believe the interface is usable (that is, whether keepalives are successful) or if it has been taken down by an administrator.

ASA

Line protocol is state

The line status, as follows:

up—A working cable is plugged into the network interface.

down—Either the cable is incorrect or not plugged into the interface connector.

Another way to put it might be this...

In IOS, the Line state is indicative of layer 2 functionality.

In ASA, the Line state is indicative of layer 1 functionality only.


Hope this helps.

Thank you,

-Steve
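
Added example, not part of the original thread or of Cisco's tooling: a Python sketch that parses ASA `show interface` status lines and keeps the administrative state and the layer 1 line state separate, as described above. The function names are hypothetical, and the sample is based on the lab output quoted earlier plus two constructed entries.

```python
import re

# Constructed sample: based on the lab output quoted in the thread (status line
# wrapped the way the terminal wrapped it), plus two constructed interfaces.
SAMPLE = '''\
Interface GigabitEthernet0/0 "outside", is administratively down, line protocol
 is up
  Hardware is i82546GB rev03, BW 1000 Mbps
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps
Interface GigabitEthernet0/2 "", is administratively down, line protocol is down
  Hardware is i82546GB rev03, BW 1000 Mbps
'''

# \s+ between tokens lets the match span a wrapped status line.
STATUS_RE = re.compile(
    r'Interface\s+(?P<ifname>\S+)\s+"(?P<nameif>[^"]*)",\s+is\s+'
    r'(?P<admin>administratively\s+down|up|down),\s+'
    r'line\s+protocol\s+is\s+(?P<line>up|down)'
)

def parse_asa_interfaces(text):
    """Return one dict per interface with the two states kept separate."""
    results = []
    for m in STATUS_RE.finditer(text):
        results.append({
            "ifname": m.group("ifname"),
            "nameif": m.group("nameif"),
            # Configuration state: was 'shutdown' applied?
            "admin_shutdown": m.group("admin").startswith("administratively"),
            # ASA meaning per the thread: a working cable is plugged in (layer 1).
            "cable_up": m.group("line") == "up",
        })
    return results

def shut_but_link_up(text):
    """Interfaces that are shut in software while the physical link stays up."""
    return [i["ifname"] for i in parse_asa_interfaces(text)
            if i["admin_shutdown"] and i["cable_up"]]

if __name__ == "__main__":
    for i in parse_asa_interfaces(SAMPLE):
        print(i["ifname"], "admin shutdown:", i["admin_shutdown"],
              "| cable/link up:", i["cable_up"])
    print("shut but link still up:", shut_but_link_up(SAMPLE))
```

When auditing whether an ASA port is disabled, read `admin_shutdown` from the ASA itself; the link LED or the neighbouring switch port state only reflects `cable_up`.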

nkarthikeyan Sat, 07/14/2012 - 04:08

Even I had the same problems when I did some implementation with ASA 5550. My guess over here is even though we make the ASA interface shut also.... still from the other end we are getting the link traffic.... that might be an optical signal/electrical signal... it makes only the logical shutdown of that interface... not the physical....

Please rate if the given information helps

Regards

Karthik
