Maximum Subinterfaces; Preventing Untagged Packets On The Physical Interface; Adding A Subinterface - Cisco PIX 500 Series Configuration Manual


Configuring VLAN Subinterfaces and 802.1Q Trunking

Maximum Subinterfaces

To determine how many subinterfaces are allowed for your platform, see Appendix A, "Feature Licenses
and Specifications."

Preventing Untagged Packets on the Physical Interface

If you use subinterfaces, you typically do not also want the physical interface to pass traffic, because the
physical interface passes untagged packets. This property is also true for the active physical interface in
a redundant interface pair. Because the physical or redundant interface must be enabled for the
subinterface to pass traffic, ensure that the physical or redundant interface does not pass traffic by
leaving out the nameif command. If you want to let the physical or redundant interface pass untagged
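packets, you can configure the nameif command as usual. See the "Configuring Interface Parameters"
section on page 7-1 for more information about completing the interface configuration.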

Adding a Subinterface

To add a subinterface and assign a VLAN to it, perform the following steps:
Step 1
To specify the new subinterface, enter the following command:
hostname(config)# interface {physical_interface | redundant number}.subinterface
hostname(config-subif)#
See the "Configuring and Enabling RJ-45 Interfaces" section for a description of the physical interface
ID.
The redundant number argument is the redundant interface ID, such as redundant 1.
The subinterface ID is an integer between 1 and 4294967293.
The following command adds a subinterface to a Gigabit Ethernet interface:
hostname(config)# interface gigabitethernet 0/1.100
The following command adds a subinterface to a redundant interface:
hostname(config)# interface redundant 1.100
Step 2
To specify the VLAN for the subinterface, enter the following command:
hostname(config-subif)# vlan vlan_id
The vlan_id is an integer between 1 and 4094. Some VLAN IDs might be reserved on connected
switches, so check the switch documentation for more information.
You can only assign a single VLAN to a subinterface, and not to the physical interface. Each subinterface
must have a VLAN ID before it can pass traffic. To change a VLAN ID, you do not need to remove the
old VLAN ID with the no option; you can enter the vlan command with a different VLAN ID, and the
security appliance changes the old ID.
Step 3
To enable the subinterface (if you previously disabled it), enter the following command:
hostname(config-subif)# no shutdown
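
The rules in this section can be checked against a saved configuration. The following is an added example, not part of the Cisco manual: a Python audit that flags a parent interface that has nameif configured (and so passes untagged packets), a parent that is shut down, and subinterfaces with a missing or out-of-range VLAN ID. The function names, the finding strings, and the sample configuration are assumptions made for illustration.

```python
# Constructed sample running-config for illustration (not from the manual).
SAMPLE = """\
interface GigabitEthernet0/1
 nameif outside
!
interface GigabitEthernet0/1.100
 vlan 100
!
interface GigabitEthernet0/1.200
 nameif lab
!
interface Redundant1
 shutdown
!
interface Redundant1.300
 vlan 4095
"""

def parse_interfaces(config):
    """Map each interface name to the commands inside its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].replace(" ", "")
            current = stanzas.setdefault(name, [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or another top-level line ends the stanza
    return stanzas

def audit(config):
    """Return sorted (interface, finding) pairs; audit() is a hypothetical helper."""
    stanzas, findings = parse_interfaces(config), set()
    for name, cmds in stanzas.items():
        if "." not in name:
            continue  # the checks are driven by subinterfaces
        parent = name.rsplit(".", 1)[0]
        parent_cmds = stanzas.get(parent, [])
        if any(c.startswith("nameif ") for c in parent_cmds):
            findings.add((parent, "nameif set: passes untagged packets"))
        if "shutdown" in parent_cmds:
            findings.add((parent, "shut down: subinterfaces cannot pass traffic"))
        vlans = [c.split()[1] for c in cmds if c.startswith("vlan ")]
        if not vlans:
            findings.add((name, "no VLAN ID: cannot pass traffic"))
        elif not (vlans[-1].isdigit() and 1 <= int(vlans[-1]) <= 4094):
            findings.add((name, "VLAN ID outside 1-4094"))
    return sorted(findings)
```

Calling audit(SAMPLE) returns four findings. A nameif on the parent is a review item rather than an error, because the section allows it when untagged traffic on the physical interface is intended.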
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 5, Configuring Ethernet Settings, Redundant Interfaces, and Subinterfaces, page 5-8

This manual is also suitable for:

ASA 5500 Series