Reg. ASA 5510 Base license mgmt interface query

Jun 22nd, 2010


Can we configure ASA 5510 with base license to make the management interface run as the data interface . If yes , let me know
if there is any document for the same

Federico Coto F... Tue, 06/22/2010 - 11:26


As far as I'm aware, you can use the management interface as a data interface by just changing the ''management-only'' under the interface.

The restriction based on license is if you have a base license all five interfaces are 10/100, but if you have the security plus license, 2 of those interfaces can run at 10/100/1000


ankurs2008 Tue, 06/22/2010 - 13:11

Please let me know if there is document available regarding the same .

ankurs2008 Tue, 06/22/2010 - 15:48


I cud not finding anything related to the above question in the URL given

Federico Coto F... Tue, 06/22/2010 - 16:00

That link says you can turn the management interface into a data interface with the command ''no management-only'' and there's no license required to do that.

I happen to have an ASA-5510 with Base License sitting here with me:

GTI-Secure# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(4)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

GTI-Secure up 117 days 9 hours

Hardware:   ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 000a.b89c.c802, irq 9
1: Ext: Ethernet0/1         : address is 000a.b89c.c803, irq 9
2: Ext: Ethernet0/2         : address is 000a.b89c.c804, irq 9
3: Ext: Ethernet0/3         : address is 000a.b89c.c805, irq 9
4: Ext: Management0/0       : address is 000a.b89c.c806, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50       
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 0        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2       

This platform has a Base license.

interface Management0/0
no nameif
no security-level
no ip address

GTI-Secure(config)# int mana
GTI-Secure(config)# int management 0/0
GTI-Secure(config-if)# no management-only

GTI-Secure(config-if)# exit

interface Management0/0
no nameif
no security-level
no ip address

So, the management interface can be used as a data interface.


Jennifer Halim Mon, 06/28/2010 - 03:16

Yes, the management interface can be used to pass normal data traffic when you disable "management-only" from the management interface with ASA 5510 base license when you are running version 7.2.2 and above if i am not mistaken. The earlier version of code with ASA 5510 base license only allows the management interface as management only interface, not data traffic.

Jennifer Halim Mon, 06/28/2010 - 03:56

The document is correct for the earlier version of ASA code. The later version of code supports management interface as a data or pass through interface.

Initially when ASA 5510 was just introduced, base license was only restricted to 3 interfaces with 1 management interface (that only allows mgmt traffic). However, since 7.2.2, ASA 5510 with base license allow 5 interfaces, and the mgmt interface can be used to pass traffic.


