Cisco ASA 5505 Configuration Manual page 245

Chapter 8 Configuring Interfaces
Configuring VLAN Interfaces
This section describes how to configure VLAN interfaces. For more information about ASA 5505
interfaces, see the
Detailed Steps
If you enabled Easy VPN, you cannot add or delete VLAN interfaces, nor can you edit the security level
Note
or interface name. We suggest that you finalize your interface configuration before you enable Easy
VPN.
Choose the Configuration > Device Setup > Interfaces pane.
Step 1
On the Interfaces tab, click Add.
Step 2
The Add Interface dialog box appears with the General tab selected.
In the Available Switch Ports pane, choose a switch port, and click Add.
Step 3
You see the following message:
"switchport is associated with name interface. Adding it to this interface, will remove it from name
interface. Do you want to continue?"
Click OK to add the switch port.
You will always see this message when adding a switch port to an interface; switch ports are assigned to
the VLAN 1 interface by default even when you do not have any configuration.
Repeat for any other switch ports that you want to carry this VLAN.
Note
Click the Advanced tab.
Step 4
Note
Step 5 In the VLAN ID field, enter the VLAN ID for this interface, between 1 and 4090.
If you do not want to assign the VLAN ID, ASDM assigns one for you randomly.
Step 6 (Optional for the Base license) To allow this interface to be the third VLAN by limiting it from initiating
contact to one other VLAN, in the Block Traffic From this Interface to drop-down list, choose the VLAN
to which this VLAN interface cannot initiate traffic.
With the Base license, you can only configure a third VLAN if you use this command to limit it.
For example, you have one VLAN assigned to the outside for Internet access, one VLAN assigned to an
inside business network, and a third VLAN assigned to your home network. The home network does not
need to access the business network, so you can use this option on the home VLAN; the business network
can access the home network, but the home network cannot access the business network.
OL-20339-01
"ASA 5505 Interfaces" section on page
Removing a switch port from an interface essentially just reassigns that switch port to VLAN 1,
because the default VLAN interface for switch ports is VLAN 1.
You receive an error message about setting the IP address. You can either set the IP address and
other parameters now, or you can finish configuring the VLAN and switch ports by clicking Yes,
and later set the IP address and other parameters according to the
Configuration (All Models)" section on page
Starting Interface Configuration (ASA 5505)
8-2.
8-21.
Cisco ASA 5500 Series Configuration Guide using ASDM
"Completing Interface
8-17