Cisco ASA 5505 User Manual

Page 273

Advertising
background image

6-31

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 6 Starting Interface Configuration (ASA 5510 and Higher)

Starting Interface Configuration (ASA 5510 and Higher)

Guidelines and Limitations

Maximum subinterfaces—To determine how many VLAN subinterfaces are allowed for your
platform, see the

“Licensing Requirements for ASA 5510 and Higher Interfaces” section on

page 6-8

.

Preventing untagged packets on the physical interface—If you use subinterfaces, you typically do
not also want the physical interface to pass traffic, because the physical interface passes untagged
packets. This property is also true for the active physical interface in a redundant interface pair.
Because the physical or redundant interface must be enabled for the subinterface to pass traffic,
ensure that the physical or redundant interface does not pass traffic by leaving out the nameif
command. If you want to let the physical or redundant interface pass untagged packets, you can
configure the nameif command as usual. See

Chapter 8, “Completing Interface Configuration

(Routed Mode),”

or

Chapter 9, “Completing Interface Configuration (Transparent Mode),”

for more

information about completing the interface configuration.

(ASA 5512-X through ASA 5555-X) You cannot configure subinterfaces on the Management 0/0
interface.

Prerequisites

For multiple context mode, complete this procedure in the system execution space. To change from the
context to the system execution space, enter the changeto system command.

Detailed Steps

Command

Purpose

Step 1

interface

{physical_interface | redundant

number | port-channel number}.subinterface

Example:

hostname(config)# interface

gigabitethernet 0/1.100

Specifies the new subinterface. See the

“Enabling the Physical

Interface and Configuring Ethernet Parameters”

section for a

description of the physical interface ID.

The redundant number argument is the redundant interface ID,
such as redundant 1.

The port-channel number argument is the EtherChannel interface
ID, such as port-channel 1.

The subinterface ID is an integer between 1 and 4294967293.

Step 2

vlan

vlan_id

Example:

hostname(config-subif)# vlan 101

Specifies the VLAN for the subinterface. The vlan_id is an integer
between 1 and 4094. Some VLAN IDs might be reserved on
connected switches, so check the switch documentation for more
information.

You can only assign a single VLAN to a subinterface, and you
cannot assign the same VLAN to multiple subinterfaces. You
cannot assign a VLAN to the physical interface. Each subinterface
must have a VLAN ID before it can pass traffic. To change a
VLAN ID, you do not need to remove the old VLAN ID with the
no option; you can enter the vlan command with a different
VLAN ID, and the ASA changes the old ID.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals