Switched Interfaces - Cisco AMP8050 Hardware Installation

Firepower 8000 series

Chapter 6
Deploying Firepower Managed Devices
Understanding Sensing Interfaces

You cannot configure bypass interfaces on an ASA FirePOWER device using the Firepower
Management Center. For information on configuring an ASA FirePOWER device in inline mode, see the
ASA documentation.

Switched Interfaces

You can configure switched interfaces on a Firepower device in a Layer 2 deployment to provide packet
switching between two or more networks. You can also configure virtual switches on Firepower devices
to operate as standalone broadcast domains, dividing your network into logical segments. A virtual
switch uses the media access control (MAC) address from a host to determine where to send packets.

Switched interfaces can have either a physical or logical configuration:
• Physical switched interfaces are physical interfaces with switching configured. Use physical
  switched interfaces to handle untagged VLAN traffic.
• Logical switched interfaces are an association between a physical interface and a VLAN tag. Use
  logical interfaces to handle traffic with designated VLAN tags.

Virtual switches can operate as standalone broadcast domains, dividing your network into logical
segments. A virtual switch uses the media access control (MAC) address from a host to determine where
to send packets. When you configure a virtual switch, the switch initially broadcasts packets through
every available port on the switch. Over time, the switch uses tagged return traffic to learn which hosts
reside on the networks connected to each port.

You can configure your device as a virtual switch and use the remaining interfaces to connect to network
segments you want to monitor. To use a virtual switch on your device, create physical switched interfaces
and then follow the instructions for Setting Up Virtual Switches in the Firepower Management Center
Configuration Guide.

Routed Interfaces

You can configure routed interfaces on a Firepower device in a Layer 3 deployment so that it routes
traffic between two or more interfaces. You must assign an IP address to each interface and assign the
interfaces to a virtual router to route traffic.

You can configure routed interfaces for use with a gateway virtual private network (gateway VPN) or
with network address translation (NAT). For more information, see Deploying a Gateway VPN,
page 6-10 and Deploying with Policy-Based NAT, page 6-11.

You can also configure the system to route packets by making packet forwarding decisions according to
the destination address. Interfaces configured as routed interfaces receive and forward the Layer 3
traffic. Routers obtain the destination from the outgoing interface based on the forwarding criteria, and
access control rules designate the security policies to be applied.

Routed interfaces can have either a physical or logical configuration:
• Physical routed interfaces are physical interfaces with routing configured. Use physical routed
  interfaces to handle untagged VLAN traffic.
• Logical routed interfaces are an association between a physical interface and a VLAN tag. Use
  logical interfaces to handle traffic with designated VLAN tags.

To use routed interfaces in a Layer 3 deployment, you must configure virtual routers and assign routed
interfaces to them. A virtual router is a group of routed interfaces that route Layer 3 traffic.
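
The virtual switch behavior described under Switched Interfaces above, as an added Python example that is not part of the Cisco guide or Firepower code: a simplified model that parses the 802.1Q tag to select the physical (untagged) or logical (tagged) interface, learns source MAC addresses, and sends frames for unknown destinations through every other interface. The port names, MAC addresses, `VirtualSwitchModel` class and `build_frame` helper are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def parse_frame(frame: bytes):
    """Return (dst_mac, src_mac, vlan_id) for an Ethernet frame; vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return dst, src, tci & 0x0FFF  # low 12 bits of the tag are the VLAN ID

class VirtualSwitchModel:
    """Simplified model (an assumption, not device code): an interface is a
    (port, vlan) pair, where vlan None is physical and a number is logical."""

    def __init__(self, interfaces):
        self.interfaces = set(interfaces)
        self.mac_table = {}  # learned source MAC -> interface it arrived on

    def receive(self, port, frame):
        """Return the list of interfaces the frame is sent out of."""
        dst, src, vlan = parse_frame(frame)
        ingress = (port, vlan)
        if ingress not in self.interfaces:
            return []  # no physical or logical interface handles this tag
        if not src[0] & 1:  # never learn a broadcast/multicast source address
            self.mac_table[src] = ingress
        known = self.mac_table.get(dst)
        if known is not None:
            return [] if known == ingress else [known]
        # Unknown or broadcast destination: send through every other interface.
        others = self.interfaces - {ingress}
        return sorted(others, key=lambda i: (i[0], -1 if i[1] is None else i[1]))

def build_frame(dst, src, vlan=None):
    """Constructed sample input: minimal IPv4-typed frame with zero padding."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(46)
```

A frame whose tag matches no configured logical interface is dropped in this model, which is why the tag-to-interface mapping is checked before any MAC address is learned.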
Firepower 8000 Series Hardware Installation Guide
6-3
