Lab Firewall Upgrade – Cisco ASA 5506W-XsteemCreated with Sketch.

in #networking8 years ago (edited)

I recently upgraded my lab firewall from the aging Cisco ASA 5505 to the brand new Cisco ASA 5506W-X.  Since this device is so new, there is no information available yet about resolving any of the “gotchas” so I thought I would share a a couple of them.

The first thing you will notice about the 5506 is that, unlike the 5505, it does not have any switch ports.  It does have 8 gigabit ethernet ports on the back of it, however they are all routed interfaces.  This means that is you want or need L2 switched interfaces, you will need an additional external switch.  So for those SMB deployment situations you will need to keep that in mind.

The second thing you might run across is an issue with the internal wireless access point.  the ASA 5506W-X includes an integrated Aironet 702.  The AP is hardwired to an internal 9th gigabit ethernet port.  The AP also has a completely separate configuration from the ASA itself.  The issue that I had with my AP was that it came out of the box with either a corrupt or non-standard configuration and as such the AP was not correctly getting a DHCP address from the gigabit ethernet 1/9 as it should, so the web UI was no accessible.  Also when I tried to access the AP console via the “session wlan console” command, I was unable to get into privileged mode because the password was not default.  The only way to correct this issue is reset the configuration of the AP.  To do this you will need to run the following command from privileged mode on the ASA:

hw-module module wlan recover configuration

After running this command and rebooting the wlan module, it came up with a completely standard default configuration which resolved both the issue of the AP not getting a DHCP address as well as the enable password not being default.