Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 7 Starting Interface Configuration (ASA 5505)

Starting ASA 5505 Interface Configuration

switchport trunk native vlan vlan_id

Example:

hostname(config-if)# switchport trunk native vlan 100

Assigns a native VLAN to the trunk, where the vlan_id is a single
VLAN ID between 1 and 4090.

Packets on the native VLAN are not modified when sent over the
trunk. For example, if a port has VLANs 2, 3 and 4 assigned to it,
and VLAN 2 is the native VLAN, then packets on VLAN 2 that
egress the port are not modified with an 802.1Q header. Frames
which ingress (enter) this port and have no 802.1Q header are put
into VLAN 2.

Each port can only have one native VLAN, but every port can have
either the same or a different native VLAN.

Step 3

switchport mode trunk

Example:

hostname(config-if)# switchport mode trunk

Makes this switch port a trunk port. To restore this port to access
mode, enter the switchport mode access command.

Step 4

(Optional)

switchport protected

Example:

hostname(config-if)# switchport protected

Prevents the switch port from communicating with other
protected switch ports on the same VLAN.

You might want to prevent switch ports from communicating with
each other if the devices on those switch ports are primarily
accessed from other VLANs, you do not need to allow
intra-VLAN access, and you want to isolate the devices from each
other in case of infection or other security breach. For example, if
you have a DMZ that hosts three web servers, you can isolate the
web servers from each other if you apply the switchport protected
command to each switch port. The inside and outside
networks can both communicate with all three web servers, and
vice versa, but the web servers cannot communicate with each
other.

Step 5

(Optional)

speed {auto | 10 | 100}

Example:

hostname(config-if)# speed 100

Sets the speed. The auto setting is the default. If you set the speed
to anything other than auto on PoE ports Ethernet 0/6 or 0/7, then
Cisco IP phones and Cisco wireless access points that do not
support IEEE 802.3af will not be detected and supplied with
power.

Step 6

(Optional)

duplex {auto | full | half}

Example:

hostname(config-if)# duplex full

Sets the duplex. The auto setting is the default. If you set the
duplex to anything other than auto on PoE ports Ethernet 0/6 or
0/7, then Cisco IP phones and Cisco wireless access points that do
not support IEEE 802.3af will not be detected and supplied with
power.

Step 7

no shutdown

Example:

hostname(config-if)# no shutdown

Enables the switch port. To disable the switch port, enter the
shutdown command.
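
An added example, not part of the Cisco guide: a short Python audit of two settings from this procedure. It lists port pairs on a VLAN that can still talk because at least one end lacks switchport protected, and flags PoE ports whose speed or duplex is not auto. The sample config, the function names, and the switchport access vlan lines are assumptions for illustration.

```python
import re
from itertools import combinations

# Constructed sample config (not from the guide): three DMZ web servers on VLAN 300.
SAMPLE = """\
interface Ethernet0/1
 switchport access vlan 300
 switchport protected
interface Ethernet0/2
 switchport access vlan 300
 switchport protected
interface Ethernet0/3
 switchport access vlan 300
interface Ethernet0/6
 speed 100
"""
POE_PORTS = {"Ethernet0/6", "Ethernet0/7"}  # PoE ports named in the guide
DEFAULTS = {"vlan": None, "protected": False, "speed": "auto", "duplex": "auto"}

def parse_ports(config):
    """Map each 'interface EthernetX/Y' block to the settings audited below."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):  # any other interface type ends the block
            m = re.fullmatch(r"interface (Ethernet\d+/\d+)", line)
            cur = ports.setdefault(m[1], dict(DEFAULTS)) if m else None
        elif cur and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            cur["vlan"] = int(m[1])
        elif cur and line == "switchport protected":
            cur["protected"] = True
        elif cur and (m := re.fullmatch(r"(speed|duplex) (\S+)", line)):
            cur[m[1]] = m[2]
    return ports

def reachable_pairs(ports, vlan):
    """Port pairs on `vlan` that can still talk: isolation needs BOTH ends protected."""
    members = sorted(p for p, s in ports.items() if s["vlan"] == vlan)
    return [(a, b) for a, b in combinations(members, 2)
            if not (ports[a]["protected"] and ports[b]["protected"])]

def poe_detection_risks(ports):
    """PoE ports with speed or duplex other than auto (device detection may fail)."""
    return sorted(p for p, s in ports.items()
                  if p in POE_PORTS and (s["speed"], s["duplex"]) != ("auto", "auto"))

if __name__ == "__main__":
    cfg = parse_ports(SAMPLE)
    print(reachable_pairs(cfg, 300), poe_detection_risks(cfg))
```

In the sample, Ethernet0/3 was left unprotected, so both protected servers can still reach it; an empty list from reachable_pairs means the VLAN is fully isolated.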

Command

Purpose
