8-4
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 8 Configuring Interfaces
Information About Interfaces
See Figure 8-2 for an example network.
Figure 8-2 ASA 5505 Adaptive Security Appliance with Security Plus License
VLAN MAC Addresses
• Routed firewall mode—All VLAN interfaces share a MAC address. Ensure that any connected
switches can support this scenario. If the connected switches require unique MAC addresses, you
can manually assign MAC addresses. See the “Configuring Advanced Interface Parameters” section
on page 8-26.
• Transparent firewall mode—Each VLAN has a unique MAC address. You can override the generated
MAC addresses if desired by manually assigning MAC addresses. See the “Configuring Advanced
Interface Parameters” section on page 8-26.
Power over Ethernet
Ethernet 0/6 and Ethernet 0/7 support PoE for devices such as IP phones or wireless access points. If you
install a non-PoE device or do not connect to these switch ports, the adaptive security appliance does not
supply power to the switch ports.
If you shut down the switch port, you disable power to the device. Power is restored when you enable
the portd. See the “Configuring and Enabling Switch Ports as Access Ports” section on page 8-18 for
more information about shutting down a switch port.
Monitoring Traffic Using SPAN
If you want to monitor traffic that enters or exits one or more switch ports, you can enable SPAN, also
known as switch port monitoring. The port for which you enable SPAN (called the destination port)
receives a copy of every packet transmitted or received on a specified source port. The SPAN feature lets
you attach a sniffer to the destination port so you can monitor all traffic; without SPAN, you would have
to attach a sniffer to every port you want to monitor. You can only enable SPAN for one destination port.
ASA 5505
with Security Plus
License
Failover
ASA 5505
Inside
Backup ISP
Primary ISP
DMZ
Failover Link
153365
To Next Page
Loading...
Need help?
General
