Cisco ASA 5505 User Manual

5-20

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 5 Configuring Multiple Context Mode

Configuring Multiple Contexts

Step 3

To allocate a physical interface:

allocate-interface

physical_interface

[mapped_name] [visible | invisible]

To allocate one or more subinterfaces:

allocate-interface

physical_interface.subinterface[-physical_

interface.subinterface]

[mapped_name[-mapped_name]] [visible |

invisible

]

Example:

hostname(config-ctx)# allocate-interface

gigabitethernet0/1.100 int1

hostname(config-ctx)# allocate-interface

gigabitethernet0/1.200 int2

hostname(config-ctx)# allocate-interface

gigabitethernet0/2.300-gigabitethernet0/2.

305 int3-int8

Specifies the interfaces you can use in the context. Do not include
a space between the interface type and the port number.

Enter these commands multiple times to specify different ranges.
If you remove an allocation with the no form of this command,
then any context commands that include this interface are
removed from the running configuration.

Transparent firewall mode allows a limited number of interfaces
to pass through traffic; however, you can use a dedicated
management interface, Management slot/port, (physical,
subinterface, redundant, or EtherChannel) as an additional
interface for management traffic. The management interface for
transparent mode does not flood a packet out the interface when
that packet is not in the MAC address table.

You can assign the same interfaces to multiple contexts in routed
mode, if desired.

The mapped_name is an alphanumeric alias for the interface that
can be used within the context instead of the interface ID. If you
do not specify a mapped name, the interface ID is used within the
context. For security purposes, you might not want the context
administrator to know which interfaces are being used by the
context. A mapped name must start with a letter, end with a letter
or digit, and have as interior characters only letters, digits, or an
underscore. For example, you can use the following names:

int0, inta, int_0

If you specify a range of subinterfaces, you can specify a
matching range of mapped names. Follow these guidelines for
ranges:

•

The mapped name must consist of an alphabetic portion
followed by a numeric portion. The alphabetic portion of the
mapped name must match for both ends of the range. For
example, enter the following range:

int0-int10

If you enter

gig0/1.1-gig0/1.5 happy1-sad5

, for example,

the command fails.

•

The numeric portion of the mapped name must include the
same quantity of numbers as the subinterface range. For
example, both ranges include 100 interfaces:

gigabitethernet0/0.100-gigabitethernet0/0.199

int1-int100

If you enter

gig0/0.100-gig0/0.199 int1-int15

, for

example, the command fails.

Specify visible to see the real interface ID in the show interface
command if you set a mapped name. The default invisible
keyword shows only the mapped name.

Command

Purpose