8-14
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 8 Configuring Interfaces
Starting Interface Configuration (ASA 5510 and Higher)
What to Do Next
Optional Task:
• Configure VLAN subinterfaces. See the “Configuring VLAN Subinterfaces and 802.1Q Trunking”
section on page 8-14.
Required Tasks:
• For multiple context mode, assign interfaces to contexts and automatically assign unique MAC
addresses to context interfaces. See the “Assigning Interfaces to Contexts and Automatically
Assigning MAC Addresses (Multiple Context Mode)” section on page 8-16.
• For single context mode, complete the interface configuration. See the “Completing Interface
Configuration (All Models)” section on page 8-21.
Changing the Active Interface
By default, the active interface is the first interface listed in the configuration, if it is available. To view
which interface is active, enter the following command in the Tools > Command Line Interface tool:
show interface redundantnumber detail | grep Member
For example:
show interface redundant1 detail | grep Member
Members GigabitEthernet0/3(Active), GigabitEthernet0/2
To change the active interface, enter the following command:
redundant-interface redundantnumber active-member physical_interface
where the redundantnumber argument is the redundant interface ID, such as redundant1.
The physical_interface is the member interface ID that you want to be active.
Configuring VLAN Subinterfaces and 802.1Q Trunking
Subinterfaces let you divide a physical or redundant interface into multiple logical interfaces that are
tagged with different VLAN IDs. An interface with one or more VLAN subinterfaces is automatically
configured as an 802.1Q trunk. Because VLANs allow you to keep traffic separate on a given physical
interface, you can increase the number of interfaces available to your network without adding additional
physical interfaces or adaptive security appliances. This feature is particularly useful in multiple context
mode so that you can assign unique interfaces to each context.
Guidelines and Limitations
• Maximum subinterfaces—To determine how many VLAN subinterfaces are allowed for your
platform, see the “Licensing Requirements for Interfaces” section on page 8-6.
• Preventing untagged packets on the physical interface—If you use subinterfaces, you typically do
not also want the physical interface to pass traffic, because the physical interface passes untagged
packets. This property is also true for the active physical interface in a redundant interface pair.
Because the physical or redundant interface must be enabled for the subinterface to pass traffic,
ensure that the physical or redundant interface does not pass traffic by not configuring a name for
the interface. If you want to let the physical or redundant interface pass untagged packets, you can
configure the name as usual. See the “Completing Interface Configuration (All Models)” section on
page 8-21 for more information about completing the interface configuration.
To Next Page
Loading...
Need help?
General
