cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
29884
Views
35
Helpful
6
Replies

ASA-5510 physical interface speed

joedansereau
Level 1
Level 1

I know I have to purchase a security plus license to get gigabit speed on the asa-5510. The problem is the system is fully configured and online and the ports I want to upgrade are not e0/0 & e0/1. Is there any reason to limit which ports can be upgraded to specific ports instead of allowing me to choose which 2 ports I want to make gigabit? The "sh int" command for each port shows an identical physical interface hardware type (i82546GB rev03).

1 Accepted Solution

Accepted Solutions

JORGE RODRIGUEZ
Level 10
Level 10

Joe,  you have a great point .  As far as I know e0 and e1  are the only interfaces capable of being gigabit,  at least  until now with 8.2.x code sec plus lic,  ..  Im sure it is not a hardware limitation that the remaining interfaces cannot  do gig  ,  my wild  guess is  more of a  marketing reason   to make you buy the four port  gigabit module that you can house on the unit.... or perhaps in in future codes cisco decides to enable the remaining interfaces to gigs .

I ran into a similar requirements and was forced to re-arange the physical interfaces and logical to  use e2 as outside  e3 as inside  in order to gain access to the gig interfaces .

My suggestion is to look head in the design  and the firewall capabilities to plan accordingly on how to utilized the interfaces before they even get deployed or migrated from PIXs.

Regards

Jorge Rodriguez

View solution in original post

6 Replies 6

JORGE RODRIGUEZ
Level 10
Level 10

Joe,  you have a great point .  As far as I know e0 and e1  are the only interfaces capable of being gigabit,  at least  until now with 8.2.x code sec plus lic,  ..  Im sure it is not a hardware limitation that the remaining interfaces cannot  do gig  ,  my wild  guess is  more of a  marketing reason   to make you buy the four port  gigabit module that you can house on the unit.... or perhaps in in future codes cisco decides to enable the remaining interfaces to gigs .

I ran into a similar requirements and was forced to re-arange the physical interfaces and logical to  use e2 as outside  e3 as inside  in order to gain access to the gig interfaces .

My suggestion is to look head in the design  and the firewall capabilities to plan accordingly on how to utilized the interfaces before they even get deployed or migrated from PIXs.

Regards

Jorge Rodriguez

Thanks for the reply. There was new infrastructure put in alongside what was already there and multiple pre-existing site to site vpn's, so changing the the config would be no easy task. The 4 port module is a great idea if you don't already have the AIP module in the slot. Now an AIP with 4 extra GB ports would be nice. It would be great if they did allow you to choose which 2 ports to change to. Maybe they think infrastructure doesn't change after initial deployment. You shouldn't have to completely reconfigure a device due to a marketing ploy when you add new hardware.

Thanks again

Any comments from Cisco on this limitation?

Anybody from Cisco want to reply? Limiting the number of interfaces is fine but let me choose the interfaces unless there is a internal hardware limitation for the requirement. I have the AIP module in the device so installing the multiport GbE module in not an option.

GIG interface support for ASA5510 which was introduced with 7.2 code upgrade.


ASA 7.2 release notes:

http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn723.h​tml#wp272663​

ASA 5510 Security Plus License Allows Gigabit Ethernet for Port 0 and 1

The ASA 5510 adaptive security appliance now has the security plus
license to enable GE (Gigabit Ethernet) for port 0 and 1. If you upgrade
the license from base to security plus, the capacity of the external
port Ethernet0/0 and Ethernet0/1 increases from the original FE (Fast
Ethernet) (100 Mbps) to GE (1000 Mbps). The interface names will remain
Ethernet 0/0 and Ethernet 0/1. Use the speed command to change the speed
on the interface and use the show interface command to see what speed is
currently configured for each interface.

I had to find this information for someone else today and google hits showed this posting as one of the
top hit sites (thanks to our support forum). 

Hopefully if someone looks for this information in the future they will get this link above.

-KS

d.stigall
Level 1
Level 1

I also have the 5510 with Security Plus and Version 9.1(1) software. E0/0 (outside) is now running at 1000, but e0/1 (inside) when set to speed 1000 causes all the link lights on the e0/1 port to go off. When e0/1 is set to speed auto or just defaulted then it reconnects at 100FD. I have used a Fluke LinkRunnerPro attached to e0/1, attempting a connect at 1000 and get nothing. Is the ASA V9.1(1) software bug ridden with regards to this feature?

We have one Lan to Lan IPsec vpn configured and working and two inbound ports: RDP and PPTP--they all work.

I can buy a cheap Firewall and have none of these problems....

 

Doug

Houston, Tx

I've not used a 5510 with 9.1(1) but have used them with many other versions and never had that problem. There have been four subsequent releases in the 9.1 train (9.1(5) is current) and no published bugs mention that issue.

It sounds like it could be a hardware issue. If you have support, the TAC would be happy to confirm and issue an RMA unit if that's the case.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: