4-7
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
Configuring VLAN Interfaces
You can configure up to five VLANs with the Security Plus license. You can configure three VLAN
interfaces for normal traffic, one VLAN interface for failover, and one VLAN interface as a backup link
to your ISP. The backup link to the ISP must be identified by the backup interface command. The
backup interface does not pass through traffic unless the default route through the primary interface fails.
To ensure that traffic can pass over the backup interface when the primary fails, configure default
routes on both the primary and backup interfaces. For example, you can configure two default routes:
one for the primary interface with
a lower administrative distance, and one for the backup interface with a higher distance. To configure
dual ISP support, see the “Configuring Static Route Tracking” section on page 9-3.
Step 4 To name the interface, enter the following command:
hostname(config-if)# nameif name
The name is a text string up to 48 characters, and is not case-sensitive. You can change the name by
reentering this command with a new value. Do not enter the no form, because that command causes all
commands that refer to that name to be deleted.
Step 5 To set the security level, enter the following command:
hostname(config-if)# security-level number
Where number is an integer between 0 (lowest) and 100 (highest).
Step 6 (Routed mode only) To set the IP address, enter one of the following commands.
Note To set an IPv6 address, see the “Configuring IPv6 on an Interface” section on page 12-3.
To set the management IP address for transparent firewall mode, see the “Setting the
Management IP Address for a Transparent Firewall” section on page 8-5. In transparent mode,
you do not set the IP address for each interface, but rather for the whole adaptive security
appliance or context.
For failover, you must set the IP address and standby address manually; DHCP and PPPoE are not
supported.
• To set the IP address manually, enter the following command:
hostname(config-if)# ip address ip_address [mask] [standby ip_address]
The standby keyword and address are used for failover. See Chapter 14, “Configuring Failover,” for
more information.
• To obtain an IP address from a DHCP server, enter the following command:
hostname(config-if)# ip address dhcp [setroute]
Reenter this command to reset the DHCP lease and request a new lease.
If you do not enable the interface using the no shutdown command before you enter the ip address
dhcp command, some DHCP requests might not be sent.
• To obtain an IP address from a PPPoE server, see Chapter 35, “Configuring the PPPoE Client.”
Step 7 (Optional) To assign a private MAC address to this interface, enter the following command:
hostname(config-if)# mac-address mac_address [standby mac_address]
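The following added example is not part of the Cisco guide. It audits a saved configuration against the rules stated above: each VLAN interface has a name and security level, the primary and backup interfaces both have default routes with the backup at the higher administrative distance, and with failover every named interface has a manual IP address with a standby address. The configuration layout, the sample text, and the names parse and audit are assumptions; default routes learned through DHCP setroute do not appear as route lines and are not evaluated.

```python
import re

# Constructed sample configuration (not from the guide); documentation-range addresses.
SAMPLE = """\
interface Vlan2
 backup interface Vlan3
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
!
interface Vlan3
 nameif backup-isp
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route backup-isp 0.0.0.0 0.0.0.0 198.51.100.1 1
"""

def parse(config):
    """Return ({vlan: settings}, {nameif: lowest default-route distance})."""
    vlans, routes, cur = {}, {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Vlan\d+)$", line, re.I)
        if m:
            cur = vlans.setdefault(m.group(1).lower(), {})
        elif line.startswith(" ") and cur is not None:
            m = re.match(r"(backup interface|nameif|security-level|ip address) (.+)", line.strip())
            if m:
                cur[m.group(1)] = m.group(2).strip()
        else:
            cur = None  # left the interface block
            m = re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+(?: (\d+))?", line)
            if m:  # a distance omitted on the route line defaults to 1
                name, dist = m.group(1).lower(), int(m.group(2) or 1)
                routes[name] = min(dist, routes.get(name, 256))
    return vlans, routes

def audit(config, failover=False):
    """Return a list of findings; an empty list means every check passed."""
    vlans, routes = parse(config)
    findings = []
    for vlan, cfg in vlans.items():
        name = cfg.get("nameif", "").lower()
        if not name or "security-level" not in cfg:
            findings.append(f"{vlan}: missing nameif or security-level")
        if failover and name and "standby" not in cfg.get("ip address", ""):
            findings.append(f"{vlan}: failover needs a manual ip address with standby")
        backup = vlans.get(cfg.get("backup interface", "").lower())
        if backup is not None:
            b = backup.get("nameif", "").lower()
            if b not in routes or name not in routes:
                findings.append(f"{vlan}: primary and backup both need a default route")
            elif routes[b] <= routes[name]:
                findings.append(f"{vlan}: backup route distance must be higher than primary")
    return findings
```

In the sample both default routes have distance 1, so the audit reports the backup route; raising the backup route's distance clears the finding.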