Tue, 04/07/2009 - 06:24
User Badges:
  • Silver, 250 points or more


If you have an interface say it gigabit ethernet 0/1 in order to create a subinterface of gigabitethernet 0/1 you have to issue the command:

interface gigabitethernet 0/1.x where x is a number (say it 1..for example)...

I hope this help.s

Best regards.


networker99 Tue, 04/07/2009 - 06:25
User Badges:

I tried that but I get the following

ciscoasa(config-if)# int ethernet0/0.100


ERROR: % Invalid input detected at '^' marker.

MarcinChameleon Mon, 01/09/2012 - 13:13
User Badges:

I got similar problem.

My ASA says ethernet instead of Giga.

I def have Security Plus license, Check in "about" via ASDM.

Please help.


varrao Mon, 01/09/2012 - 13:25
User Badges:
  • Red, 2250 points or more

Hi Marcin,

do you have the same ASA 5505???


MarcinChameleon Mon, 01/09/2012 - 13:29
User Badges:

Thanks, it is ASA 8.2

But I did that:

ciscoasa(config)# int e0/0

ciscoasa(config-if)# no nameif

ciscoasa(config-if)# no sec

ciscoasa(config-if)# no security-level

ciscoasa(config-if)# no ip ad

ciscoasa(config-if)# no ip address

and got this when trying to create subinterface:

ciscoasa(config)# int ethernet 0/0.1


ERROR: % Invalid input detected at '^' marker.

Any ideas?

varrao Mon, 01/09/2012 - 15:14
User Badges:
  • Red, 2250 points or more

You cannot create sub-interfaces on the physical interface on the ASA 5505 but you would need to create vlan interfaces as specified above.



MarcinChameleon Mon, 01/09/2012 - 15:52
User Badges:

I thought that with security plus license I can?

Basically I need outside interface to listen on more than 2 public IPs.

As outside interface is on /28 network.

If I create config as Andrew adicesed, will that work?


Julio Carvajal Mon, 01/09/2012 - 17:00
User Badges:
  • Purple, 4500 points or more

Hello Marcin,

The thing with the ASA 5505 is that without the security plus license you will not be able to have more than 2 interfaces unrestricted. So that is why you need it.

Now that you have it you can create more vlans with the suggestions Andrew have provided you.

Seems like you want the ASA to have connectivity to the outside using 2 ip addreses on the same subnet, that will not be possible as each vlan interface got to be on a different broadcast domain. You can configure the ASA to proxy-arp more than 1 ip address on its outside interface by using static nat.

Also remember that the ASA does not support PBR.

Hope this helps.

Do rate helpful posts.


You cannot have an ASA "listen" i.e have an interface configured with 2 ip addresses.  You configure 1 ip address on the outside, and your ISP will "route" the other ip range to that IP and you can then assign the other IP range to another seperate interface, or as Julio has also pointed out.


MarcinChameleon Wed, 02/08/2012 - 02:49
User Badges:

Hi All,

I had to return the ASA 5505 because of lack of functionality I was looking for.

It’s pretty shame for cisco ASA 5505 and the money you pay for it, and then cannot do job as old Watchguard x1000 L

Thanks for  all support.



This Discussion