Cisco ASA 5505 Configuration Manual page 247

Chapter 8 Configuring Interfaces
By default, the VLAN ID is derived from the VLAN interface configuration you completed in
"Configuring VLAN Interfaces" section on page 8-17
> Interfaces > Add/Edit Interface dialog box). You can change the VLAN assignment in this dialog box.
Be sure to apply the change to update the VLAN configuration with the new information. If you want to
specify a VLAN that has not yet been added, we suggest you add the VLAN according to the
"Configuring VLAN Interfaces" section on page 8-17
either case, you need to add the VLAN according to the
page 8-17
Step 7 (Optional) To prevent the switch port from communicating with other protected switch ports on the same
VLAN, check the Isolated check box.
This option prevents the switch port from communicating with other protected switch ports on the same
VLAN. You might want to prevent switch ports from communicating with each other if the devices on
those switch ports are primarily accessed from other VLANs, you do not need to allow intra-VLAN
access, and you want to isolate the devices from each other in case of infection or other security breach.
For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each
other if you apply the Protected option to each switch port. The inside and outside networks can both
communicate with all three web servers, and vice versa, but the web servers cannot communicate with
each other.
(Optional) From the Duplex drop-down list, choose Full, Half, or Auto.
Step 8
The Auto setting is the default. If you set the duplex to anything other than Auto on PoE ports Ethernet
0/6 or 0/7, then Cisco IP phones and Cisco wireless access points that do not support IEEE 802.3af will
not be detected and supplied with power.
(Optional) From the Speed drop-down list, choose 10, 100, or Auto.
Step 9
The Auto setting is the default. If you set the speed to anything other than Auto on PoE ports Ethernet
0/6 or 0/7, then Cisco IP phones and Cisco wireless access points that do not support IEEE 802.3af will
not be detected and supplied with power.
Click OK.
Step 10
What to Do Next
If you want to configure a switch port as a trunk port, see the
as Trunk Ports" section on page
To complete the interface configuration, see the
section on page
Configuring and Enabling Switch Ports as Trunk Ports
This procedure describes how to create a trunk port that can carry multiple VLANs using 802.1Q
tagging. Trunk mode is available only with the Security Plus license.
To create an access port, where an interface is assigned to only one VLAN, see the
Enabling Switch Ports as Access Ports" section on page
For more information about ASA 5505 interfaces, see the
OL-20339-01
and assign the switch port to it.
8-19.
8-21.
Starting Interface Configuration (ASA 5505)
(on the Configuration > Device Setup > Interfaces
rather than specifying it in this dialog box; in
"Configuring VLAN Interfaces" section on
"Configuring and Enabling Switch Ports
"Completing Interface Configuration (All Models)"
8-18.
"ASA 5505 Interfaces" section on page
Cisco ASA 5500 Series Configuration Guide using ASDM
"Configuring and
8-2.
8-19