0

我有一个透明模式的 ASA 5505,带有 Security plus 许可证

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 20             DMZ Unrestricted
Dual ISPs                         : Enabled        perpetual
VLAN Trunk Ports                  : 8              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 25             perpetual
AnyConnect Essentials             : 25             perpetual
Other VPN Peers                   : 25             perpetual
Total VPN Peers                   : 25             perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Enabled        perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

在尝试使用以下命令编辑 vlan 时:int vlan 7 我收到了回复ERROR: % Cannot allocate MAC address to interface

这与单击添加新接口时 ASDM 中的错误消息有关吗?我收到错误消息“您的系统中不能有超过 3 个 vlan”?如果是这样,为什么我会收到此消息?

ASA Version 9.1(6)8
!
firewall transparent
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
shutdown
!
interface Ethernet0/3
switchport access vlan 4
shutdown
!
interface Ethernet0/4
switchport access vlan 5
shutdown
!
interface Ethernet0/5
switchport access vlan 6
shutdown
!
interface Ethernet0/6
switchport access vlan 7
!
interface Ethernet0/7
switchport access vlan 8
!
interface Vlan1
description Management Pc Connection
nameif inside
bridge-group 1
security-level 100
!
interface Vlan2
description Dead End - No Connection
nameif outside
bridge-group 1
security-level 0
!
interface Vlan8
description Management Pc Connection
nameif ManPc-HpILO
bridge-group 4
security-level 100
!
interface BVI1
description ASA Management Bridge Group
ip address 
!
interface BVI3
description Vmware Bridge Group
ip address 
!
interface BVI4
description HP ILO 4 Bridge Group
ip address 
!
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
mtu ManPc-HpILO 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat     0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart     warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e02cea00fefdea428cbbd8994f237335
: end
4

1 回答 1

1

我不知道透明模式并不能完全分享许可限额。

据思科称,

安全增强许可证 + 透明模式
3 个活动 VLAN(1 个网桥组中的 2 个活动 VLAN,加上 1 个用于故障转移的活动 VLAN)

于 2016-10-08T09:13:03.003 回答