8-19
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 8 Configuring Interfaces
Starting Interface Configuration (ASA 5505)
By default, the VLAN ID is derived from the VLAN interface configuration you completed in the
“Configuring VLAN Interfaces” section on page 8-17 (on the Configuration > Device Setup > Interfaces
> Interfaces > Add/Edit Interface dialog box). You can change the VLAN assignment in this dialog box.
Be sure to apply the change to update the VLAN configuration with the new information. If you want to
specify a VLAN that has not yet been added, we suggest that you first add the VLAN according to the
“Configuring VLAN Interfaces” section on page 8-17 rather than specifying it in this dialog box; in
either case, you need to add the VLAN according to that section and assign the switch port to it.
Step 7 (Optional) To prevent the switch port from communicating with other protected switch ports on the same
VLAN, check the Isolated check box.
This option prevents the switch port from communicating with other protected switch ports on the same
VLAN. You might want to do this when the devices on those switch ports are primarily accessed from
other VLANs, you do not need to allow intra-VLAN access, and you want to isolate the devices from
each other in case of an infection or other security breach.
For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each
other if you apply the Protected option to each switch port. The inside and outside networks can both
communicate with all three web servers, and vice versa, but the web servers cannot communicate with
each other.
Step 8 (Optional) From the Duplex drop-down list, choose Full, Half, or Auto.
The Auto setting is the default. If you set the duplex to anything other than Auto on PoE ports Ethernet
0/6 or 0/7, then Cisco IP phones and Cisco wireless access points that do not support IEEE 802.3af will
not be detected and supplied with power.
Step 9 (Optional) From the Speed drop-down list, choose 10, 100, or Auto.
The Auto setting is the default. If you set the speed to anything other than Auto on PoE ports Ethernet
0/6 or 0/7, then Cisco IP phones and Cisco wireless access points that do not support IEEE 802.3af will
not be detected and supplied with power.
Step 10 Click OK.
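One way to check the outcome of Steps 7 through 9 from a saved configuration, as an added example that is not part of the Cisco guide. It assumes the ASA 5505 running configuration shows these settings as `switchport access vlan`, `switchport protected`, `speed`, and `duplex` lines, and it uses a constructed excerpt in which VLAN 300 is a hypothetical DMZ.

```python
import re

# Constructed sample of an ASA 5505 running-config excerpt (not from the guide).
# VLAN 300 is a hypothetical DMZ VLAN; VLAN 100 is a hypothetical inside VLAN.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 switchport access vlan 300
 switchport protected
!
interface Ethernet0/3
 switchport access vlan 300
!
interface Ethernet0/6
 switchport access vlan 100
 speed 100
 duplex full
!
"""

POE_PORTS = {"Ethernet0/6", "Ethernet0/7"}  # PoE ports named in Steps 8 and 9


def parse_switch_ports(config):
    """Return {interface name: [sub-command lines]} for each interface stanza."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ports


def audit(config, isolated_vlan):
    """Return (ports in isolated_vlan lacking isolation, PoE ports not on Auto)."""
    unprotected, forced_poe = [], []
    for name, cmds in parse_switch_ports(config).items():
        if (f"switchport access vlan {isolated_vlan}" in cmds
                and "switchport protected" not in cmds):
            unprotected.append(name)
        if name in POE_PORTS and any(
                re.fullmatch(r"(speed|duplex) (?!auto)\S+", c) for c in cmds):
            forced_poe.append(name)
    return unprotected, forced_poe
```

A port in the first list can still reach the other ports in its VLAN; a port in the second list is a PoE port whose fixed speed or duplex can stop non-802.3af Cisco phones and access points from being powered.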
What to Do Next
If you want to configure a switch port as a trunk port, see the “Configuring and Enabling Switch Ports
as Trunk Ports” section on page 8-19.
To complete the interface configuration, see the “Completing Interface Configuration (All Models)”
section on page 8-21.
Configuring and Enabling Switch Ports as Trunk Ports
This procedure describes how to create a trunk port that can carry multiple VLANs using 802.1Q
tagging. Trunk mode is available only with the Security Plus license.
To create an access port, where an interface is assigned to only one VLAN, see the “Configuring and
Enabling Switch Ports as Access Ports” section on page 8-18.
For more information about ASA 5505 interfaces, see the “ASA 5505 Interfaces” section on page 8-2.