02-05-2010 07:33 AM - edited 03-11-2019 10:05 AM
I know I have to purchase a security plus license to get gigabit speed on the asa-5510. The problem is the system is fully configured and online and the ports I want to upgrade are not e0/0 & e0/1. Is there any reason to limit which ports can be upgraded to specific ports instead of allowing me to choose which 2 ports I want to make gigabit? The "sh int" command for each port shows an identical physical interface hardware type (i82546GB rev03).
Solved! Go to Solution.
02-05-2010 03:42 PM
Joe, you have a great point . As far as I know e0 and e1 are the only interfaces capable of being gigabit, at least until now with 8.2.x code sec plus lic, .. Im sure it is not a hardware limitation that the remaining interfaces cannot do gig , my wild guess is more of a marketing reason to make you buy the four port gigabit module that you can house on the unit.... or perhaps in in future codes cisco decides to enable the remaining interfaces to gigs .
I ran into a similar requirements and was forced to re-arange the physical interfaces and logical to use e2 as outside e3 as inside in order to gain access to the gig interfaces .
My suggestion is to look head in the design and the firewall capabilities to plan accordingly on how to utilized the interfaces before they even get deployed or migrated from PIXs.
Regards
02-05-2010 03:42 PM
Joe, you have a great point . As far as I know e0 and e1 are the only interfaces capable of being gigabit, at least until now with 8.2.x code sec plus lic, .. Im sure it is not a hardware limitation that the remaining interfaces cannot do gig , my wild guess is more of a marketing reason to make you buy the four port gigabit module that you can house on the unit.... or perhaps in in future codes cisco decides to enable the remaining interfaces to gigs .
I ran into a similar requirements and was forced to re-arange the physical interfaces and logical to use e2 as outside e3 as inside in order to gain access to the gig interfaces .
My suggestion is to look head in the design and the firewall capabilities to plan accordingly on how to utilized the interfaces before they even get deployed or migrated from PIXs.
Regards
02-08-2010 12:08 PM
Thanks for the reply. There was new infrastructure put in alongside what was already there and multiple pre-existing site to site vpn's, so changing the the config would be no easy task. The 4 port module is a great idea if you don't already have the AIP module in the slot. Now an AIP with 4 extra GB ports would be nice. It would be great if they did allow you to choose which 2 ports to change to. Maybe they think infrastructure doesn't change after initial deployment. You shouldn't have to completely reconfigure a device due to a marketing ploy when you add new hardware.
Thanks again
Any comments from Cisco on this limitation?
03-08-2010 09:44 AM
Anybody from Cisco want to reply? Limiting the number of interfaces is fine but let me choose the interfaces unless there is a internal hardware limitation for the requirement. I have the AIP module in the device so installing the multiport GbE module in not an option.
08-28-2010 07:05 AM
GIG interface support for ASA5510 which was introduced with 7.2 code upgrade.
ASA 7.2 release notes:
http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn723.html#wp272663
ASA 5510 Security Plus License Allows Gigabit Ethernet for Port 0 and 1
The ASA 5510 adaptive security appliance now has the security plus
license to enable GE (Gigabit Ethernet) for port 0 and 1. If you upgrade
the license from base to security plus, the capacity of the external
port Ethernet0/0 and Ethernet0/1 increases from the original FE (Fast
Ethernet) (100 Mbps) to GE (1000 Mbps). The interface names will remain
Ethernet 0/0 and Ethernet 0/1. Use the speed command to change the speed
on the interface and use the show interface command to see what speed is
currently configured for each interface.
I had to find this information for someone else today and google hits showed this posting as one of the
top hit sites (thanks to our support forum).
Hopefully if someone looks for this information in the future they will get this link above.
-KS
06-20-2014 06:29 AM
I also have the 5510 with Security Plus and Version 9.1(1) software. E0/0 (outside) is now running at 1000, but e0/1 (inside) when set to speed 1000 causes all the link lights on the e0/1 port to go off. When e0/1 is set to speed auto or just defaulted then it reconnects at 100FD. I have used a Fluke LinkRunnerPro attached to e0/1, attempting a connect at 1000 and get nothing. Is the ASA V9.1(1) software bug ridden with regards to this feature?
We have one Lan to Lan IPsec vpn configured and working and two inbound ports: RDP and PPTP--they all work.
I can buy a cheap Firewall and have none of these problems....
Doug
Houston, Tx
06-20-2014 06:47 AM
I've not used a 5510 with 9.1(1) but have used them with many other versions and never had that problem. There have been four subsequent releases in the 9.1 train (9.1(5) is current) and no published bugs mention that issue.
It sounds like it could be a hardware issue. If you have support, the TAC would be happy to confirm and issue an RMA unit if that's the case.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: