Cisco ASA 5505 Configuration Manual page 242

Starting Interface Configuration (ASA 5510 and Higher)
What to Do Next
Optional Task:
•
Required Tasks:
•
•
Changing the Active Interface
By default, the active interface is the first interface listed in the configuration, if it is available. To view
which interface is active, enter the following command in the Tools > Command Line Interface tool:
show interface redundantnumber detail | grep Member
For example:
show interface redundant1 detail | grep Member
To change the active interface, enter the following command:
redundant-interface redundantnumber active-member physical_interface
where the redundantnumber argument is the redundant interface ID, such as redundant1.
The physical_interface is the member interface ID that you want to be active.
Configuring VLAN Subinterfaces and 802.1Q Trunking
Subinterfaces let you divide a physical or redundant interface into multiple logical interfaces that are
tagged with different VLAN IDs. An interface with one or more VLAN subinterfaces is automatically
configured as an 802.1Q trunk. Because VLANs allow you to keep traffic separate on a given physical
interface, you can increase the number of interfaces available to your network without adding additional
physical interfaces or adaptive security appliances. This feature is particularly useful in multiple context
mode so that you can assign unique interfaces to each context.
Guidelines and Limitations
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
8-14
Configure VLAN subinterfaces. See the
section on page 8-14.
For multiple context mode, assign interfaces to contexts and automatically assign unique MAC
addresses to context interfaces. See the
Assigning MAC Addresses (Multiple Context Mode)" section on page
For single context mode, complete the interface configuration. See the
Configuration (All Models)" section on page
Members GigabitEthernet0/3(Active), GigabitEthernet0/2
Maximum subinterfaces—To determine how many VLAN subinterfaces are allowed for your
platform, see the "Licensing Requirements for Interfaces" section on page
Preventing untagged packets on the physical interface—If you use subinterfaces, you typically do
not also want the physical interface to pass traffic, because the physical interface passes untagged
packets. This property is also true for the active physical interface in a redundant interface pair.
Because the physical or redundant interface must be enabled for the subinterface to pass traffic,
ensure that the physical or redundant interface does not pass traffic by not configuring a name for
the interface. If you want to let the physical or redundant interface pass untagged packets, you can
configure the name as usual. See the
page 8-21 for more information about completing the interface configuration.
"Configuring VLAN Subinterfaces and 802.1Q Trunking"
"Assigning Interfaces to Contexts and Automatically
8-21.
"Completing Interface Configuration (All Models)" section on
Chapter 8 Configuring Interfaces
8-16.
"Completing Interface
8-6.
OL-20339-01