Cisco ASA 5505 (8.05): interfaces do not come up after reload

For some reason, I have to run no shutdown on each real physical interface to get them to come up after a reload.

To test, I did the following: write erase to blow away my config, reload and said no to save changes. At the prompt hit no the "interactive setup", enable then conf t then pasted my config in.

I then ran copy run startup followed by reload.

Reboots, configs all there, but interfaces are down. Try reload again, same thing.

Kind of freaked out to deploy this thing somewhere for fear that the interfaces won't come up after a reboot.

Here's the interface portion of my config:

 interface Vlan1
  nameif web
  security-level 50
  ip address 192.168.10.1 255.255.255.0
 !
 interface Vlan2
  nameif mgmt
  security-level 100
  ip address 192.168.20.1 255.255.255.0
 !
 interface Vlan3
  nameif outside
  security-level 0
  ip address 10.0.0.10 255.255.255.0
 !
 interface Ethernet0/0
  switchport access vlan 3
 !
 interface Ethernet0/1
 !
 interface Ethernet0/2
  switchport access vlan 2
 !
 interface Ethernet0/3
  shutdown
 !
 interface Ethernet0/4
  shutdown
 !
 interface Ethernet0/5
  shutdown
 !
 interface Ethernet0/6
  shutdown
 !
 interface Ethernet0/7
  shutdown
 !

One thing that's kind of odd is that even if I run switchport access vlan 1 under int e0/1, it never seems to save that and always leaves it empty.

EDIT

Ok, if at some point I run no shutdown on the interfaces and then copy run startup, subsequent reloads seem to bring the interface. However, I don't see anything in my show run to indicate that the no shutdown statement is saved anywhere (doing a diff before and after proves it too).

Ok fair enough, but after running no shutdown on an interface, it doesn't show up in the config afterwards in show run?

What I'm saying is, if you want to backup your config by copy/pasting it to a text file, the no shutdown statements aren't there: you'd then have to edit your text file to include no shutdown for each interface. Seems ridiculous to me.

You could backup your config over tftp. Copy running-config tftp: and then restore over tftp. This should keep everything the same but you have to establish network connectivity to retrieve the backup.

Now why would show run copy/paste from the terminal into a text file be any different than a TFTP backup? This is what seems asinine: that the no shutdown command doesn't actually appear in the configuration files.

Because copy tftp: replaces the configuration file. Pasting a config simply modifies it.

I realize that, and so does write erase and reload, but my point is that there's nowhere in the config file, regardless of how it was transferred, that says, "light up these interfaces" -- you either have to console in and run no shutdown or you have to alter your TFTP'ed or copy/pasted config text file to include those no shutdown commands.

Saving backup to TFTP copies the exact config to the TFTP server. Show run hides passwords, and may include a whole bunch of more lines. That isn't really helpful for this question, but copy to TFTP server is a true backup of the config.

Any config line you precede with a no gets removed from the config, so you won't see it in your config. If you have ever looked at the 200 page config of a VPN concentrator that includes all the lines for things you haven't configured, believe me you will understand the wisdom of this approach.