8-17
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 8 Configuring Interfaces
Starting Interface Configuration (ASA 5505)
Configuring VLAN Interfaces
This section describes how to configure VLAN interfaces. For more information about ASA 5505
interfaces, see the “ASA 5505 Interfaces” section on page 8-2.
Detailed Steps
Note If you enabled Easy VPN, you cannot add or delete VLAN interfaces, nor can you edit the security level
or interface name. We suggest that you finalize your interface configuration before you enable Easy
VPN.
Step 1 Choose the Configuration > Device Setup > Interfaces pane.
Step 2 On the Interfaces tab, click Add.
The Add Interface dialog box appears with the General tab selected.
Step 3 In the Available Switch Ports pane, choose a switch port, and click Add.
You see the following message:
“switchport is associated with name interface. Adding it to this interface, will remove it from name
interface. Do you want to continue?”
Click OK to add the switch port.
You will always see this message when adding a switch port to an interface; switch ports are assigned to
the VLAN 1 interface by default even when you do not have any configuration.
Repeat for any other switch ports that you want to carry this VLAN.
Note Removing a switch port from an interface essentially just reassigns that switch port to VLAN 1,
because the default VLAN interface for switch ports is VLAN 1.
Step 4 Click the Advanced tab.
Note You receive an error message about setting the IP address. You can either set the IP address and
other parameters now, or you can finish configuring the VLAN and switch ports by clicking Ye s,
and later set the IP address and other parameters according to the “Completing Interface
Configuration (All Models)” section on page 8-21.
Step 5 In the VLAN ID field, enter the VLAN ID for this interface, between 1 and 4090.
If you do not want to assign the VLAN ID, ASDM assigns one for you randomly.
Step 6 (Optional for the Base license) To allow this interface to be the third VLAN by limiting it from initiating
contact to one other VLAN, in the Block Traffic From this Interface to drop-down list, choose the VLAN
to which this VLAN interface cannot initiate traffic.
With the Base license, you can only configure a third VLAN if you use this command to limit it.
For example, you have one VLAN assigned to the outside for Internet access, one VLAN assigned to an
inside business network, and a third VLAN assigned to your home network. The home network does not
need to access the business network, so you can use this option on the home VLAN; the business network
can access the home network, but the home network cannot access the business network.
To Next Page
Loading...
Need help?
General
