1-10
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Starting Interface Configuration (ASA 5505)
  Starting ASA 5505 Interface Configuration
switchport trunk native vlan vlan_id
Example:
hostname(config-if)# switchport trunk 
native vlan 100
Assigns a native VLAN to the trunk, where the vlan_id is a single 
VLAN ID between 1 and 4090.
Packets on the native VLAN are not modified when sent over the 
trunk. For example, if a port has VLANs 2, 3 and 4 assigned to it, 
and VLAN 2 is the native VLAN, then packets on VLAN 2 that 
egress the port are not modified with an 802.1Q header. Frames 
which ingress (enter) this port and have no 802.1Q header are put 
into VLAN 2.
Each port can only have one native VLAN, but every port can have 
either the same or a different native VLAN.
Step 3
switchport mode trunk
Example:
hostname(config-if)# switchport mode trunk
Makes this switch port a trunk port. To restore this port to access 
mode, enter the switchport mode access command.
Step 4
(Optional)
switchport protected
Example:
hostname(config-if)# switchport protected
Prevents the switch port from communicating with other 
protected switch ports on the same VLAN.
You might want to prevent switch ports from communicating with 
each other if the devices on those switch ports are primarily 
accessed from other VLANs, you do not need to allow 
intra-VLAN access, and you want to isolate the devices from each 
other in case of infection or other security breach. For example, if 
you have a DMZ that hosts three web servers, you can isolate the 
web servers from each other if you apply the switchport 
protected command to each switch port. The inside and outside 
networks can both communicate with all three web servers, and 
vice versa, but the web servers cannot communicate with each 
other.
Step 5
(Optional)
speed {auto | 10 | 100}
Example:
hostname(config-if)# speed 100
Sets the speed. The auto setting is the default. If you set the speed 
to anything other than auto on PoE ports Ethernet 0/6 or 0/7, then 
Cisco IP phones and Cisco wireless access points that do not 
support IEEE 802.3af will not be detected and supplied with 
power.
Step 6
(Optional)
duplex {auto | full | half}
Example:
hostname(config-if)# duplex full
Sets the duplex. The auto setting is the default. If you set the 
duplex to anything other than auto on PoE ports Ethernet 0/6 or 
0/7, then Cisco IP phones and Cisco wireless access points that do 
not support IEEE 802.3af will not be detected and supplied with 
power.
Step 7
no shutdown
Example:
hostname(config-if)# no shutdown
Enables the switch port. To disable the switch port, enter the 
shutdown command.
Command Purpose