8-2
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 8 Configuring Interfaces
Information About Interfaces
• Security Levels, page 8-5
• Dual IP Stack, page 8-6
• Management Interface (ASA 5510 and Higher), page 8-6
ASA 5505 Interfaces
This section describes the ports and interfaces of the ASA 5505 adaptive security appliance and includes
the following topics:
• Understanding ASA 5505 Ports and Interfaces, page 8-2
• Maximum Active VLAN Interfaces for Your License, page 8-2
• VLAN MAC Addresses, page 8-4
• Power over Ethernet, page 8-4
Understanding ASA 5505 Ports and Interfaces
The ASA 5505 adaptive security appliance supports a built-in switch. There are two kinds of ports and
interfaces that you need to configure:
• Physical switch ports—The adaptive security appliance has 8 Fast Ethernet switch ports that forward
traffic at Layer 2, using the switching function in hardware. Two of these ports are PoE ports. See
the “Power over Ethernet” section on page 8-4 for more information. You can connect these
interfaces directly to user equipment such as PCs, IP phones, or a DSL modem. Or you can connect
to another switch.
• Logical VLAN interfaces—In routed mode, these interfaces forward traffic between VLAN
networks at Layer 3, using the configured security policy to apply firewall and VPN services. In
transparent mode, these interfaces forward traffic between the VLANs on the same network at Layer
2, using the configured security policy to apply firewall services. See the “Maximum Active VLAN
Interfaces for Your License” section for more information about the maximum VLAN interfaces.
VLAN interfaces let you divide your equipment into separate VLANs, for example, home, business,
and Internet VLANs.
To segregate the switch ports into separate VLANs, you assign each switch port to a VLAN interface.
Switch ports on the same VLAN can communicate with each other using hardware switching. But when
a switch port on VLAN 1 wants to communicate with a switch port on VLAN 2, then the adaptive
security appliance applies the security policy to the traffic and routes or bridges between the two
VLANs.
Maximum Active VLAN Interfaces for Your License
In transparent firewall mode, you can configure the following VLANs depending on your license:
• Base license—2 active VLANs.
• Security Plus license—3 active VLANs, one of which must be for failover.
In routed mode, you can configure the following VLANs depending on your license: Base license
• Base license—3 active VLANs. The third VLAN can only be configured to initiate traffic to one
other VLAN. See Figure 8-1 for more information.
• Security Plus license—20 active VLANs.
To Next Page
Loading...
Need help?
General
