Default Interface Configuration; Vlan Mac Addresses; Power Over Ethernet; Monitoring Traffic Using Span - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Interface Overview

Default Interface Configuration

If your adaptive security appliance includes the default factory configuration, your interfaces are
configured as follows:

- The outside interface (security level 0) is VLAN 2.
  Ethernet 0/0 is assigned to VLAN 2 and is enabled.
  The VLAN 2 IP address is obtained from the DHCP server.
- The inside interface (security level 100) is VLAN 1.
  Ethernet 0/1 through Ethernet 0/7 are assigned to VLAN 1 and are enabled.
  VLAN 1 has IP address 192.168.1.1.

Restore the default factory configuration using the configure factory-default command.
Use the procedures in this chapter to modify the default configuration, for example, to add VLAN
interfaces.
If you do not have a factory default configuration, all switch ports are in VLAN 1, but no other
parameters are configured.

VLAN MAC Addresses

In routed firewall mode, all VLAN interfaces share a MAC address. Ensure that any connected switches
can support this scenario. If the connected switches require unique MAC addresses, you can manually
assign MAC addresses.
In transparent firewall mode, each VLAN has a unique MAC address. You can override the generated
MAC addresses if desired by manually assigning MAC addresses.

Power Over Ethernet

Ethernet 0/6 and Ethernet 0/7 support PoE for devices such as IP phones or wireless access points. If you
install a non-PoE device or do not connect to these switch ports, the adaptive security appliance does not
supply power to the switch ports.
If you shut down the switch port using the shutdown command, you disable power to the device. Power
is restored when you enter no shutdown. See the "Configuring Switch Ports as Access Ports" section on
page 4-9 for more information about shutting down a switch port.
To view the status of PoE switch ports, including the type of device connected (Cisco or IEEE 802.3af),
use the show power inline command.

Monitoring Traffic Using SPAN

If you want to monitor traffic that enters or exits one or more switch ports, you can enable SPAN, also
known as switch port monitoring. The port for which you enable SPAN (called the destination port)
receives a copy of every packet transmitted or received on a specified source port. The SPAN feature lets
you attach a sniffer to the destination port so you can monitor all traffic; without SPAN, you would have
to attach a sniffer to every port you want to monitor. You can only enable SPAN for one destination port.

Source: Cisco Security Appliance Command Line Configuration Guide (OL-12172-03), Chapter 4,
Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance, page 4-4.
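A check for the SPAN behaviour described above, added here as an example that is not from the Cisco guide: because the destination port receives a copy of every mirrored packet, this script parses a saved running-config and flags a SPAN destination port that is not on an approved list, or more than one destination port. The "switchport monitor <source_port> [tx | rx | both]" line format, the default direction, the sample config and the function names are assumptions not shown on this page.

```python
import re

# Constructed running-config fragment for illustration (not from the page).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport monitor Ethernet0/2
 switchport monitor Ethernet0/3 rx
!
interface Ethernet0/5
 switchport monitor Ethernet0/0
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*$", re.I)
# Assumed line format: "switchport monitor <source_port> [tx | rx | both]".
MONITOR_RE = re.compile(r"^\s+switchport\s+monitor\s+(\S+)(?:\s+(tx|rx|both))?\s*$", re.I)

def span_sessions(config_text):
    """Return {destination_port: [(source_port, direction), ...]}."""
    sessions, current = {}, None
    for line in config_text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
        elif not line.startswith((" ", "\t")):
            current = None  # an unindented line ends the interface block
        else:
            mon = MONITOR_RE.match(line)
            if mon and current:
                # Assumption: a missing direction keyword means both directions.
                direction = (mon.group(2) or "both").lower()
                sessions.setdefault(current, []).append((mon.group(1), direction))
    return sessions

def audit_span(config_text, approved_destinations=()):
    """Flag SPAN destinations that are unapproved, or more than one."""
    approved = {p.lower() for p in approved_destinations}
    sessions = span_sessions(config_text)
    findings = []
    if len(sessions) > 1:  # the guide allows only one destination port
        findings.append(("multiple-destinations", sorted(sessions)))
    for dest in sorted(sessions):
        if dest.lower() not in approved:
            findings.append(("unapproved-destination", [dest]))
    return findings
```

Calling audit_span(SAMPLE_CONFIG, approved_destinations=["Ethernet0/1"]) returns the list of findings; an empty list means the only SPAN destination present is an approved one.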

This manual is also suitable for:

Asa 5500 series
