Cisco FirePOWER ASA 5500 series Configuration Manual page 78

Security appliance command line

Configuring VLAN Interfaces
Note: If you are using failover, do not use this procedure to name interfaces that you are reserving for failover communications. See Chapter 14, "Configuring Failover," to configure the failover link.

If you change the security level of an interface, and you do not want to wait for existing connections to time out before the new security information is used, you can clear the connections using the clear local-host command.

To configure a VLAN interface, perform the following steps:

Step 1  To specify the VLAN ID, enter the following command:

hostname(config)# interface vlan number

Where the number is between 1 and 1001.

For example, enter the following command:

hostname(config)# interface vlan 100

To remove this VLAN interface and all associated configuration, enter the no interface vlan command. Because this interface also includes the interface name configuration, and the name is used in other commands, those commands are also removed.

Step 2  (Optional) For the Base license, allow this interface to be the third VLAN by limiting it from initiating contact to one other VLAN using the following command:

hostname(config-if)# no forward interface vlan number

Where number specifies the VLAN ID to which this VLAN interface cannot initiate traffic.

With the Base license, you can only configure a third VLAN if you use this command to limit it.

For example, you have one VLAN assigned to the outside for Internet access, one VLAN assigned to an inside business network, and a third VLAN assigned to your home network. The home network does not need to access the business network, so you can use the no forward interface command on the home VLAN; the business network can access the home network, but the home network cannot access the business network.

If you already have two VLAN interfaces configured with a nameif command, be sure to enter the no forward interface command before the nameif command on the third interface; the adaptive security appliance does not allow three fully functioning VLAN interfaces with the Base license on the ASA 5505 adaptive security appliance.

Note: If you upgrade to the Security Plus license, you can remove this command and achieve full functionality for this interface. If you leave this command in place, this interface continues to be limited even after upgrading.

Step 3  (Optional) For the Security Plus license, allow the use of a fourth VLAN by specifying a VLAN as a backup ISP link to this interface by using the following command:

hostname(config-if)# backup interface vlan number

Where number specifies the VLAN ID of the backup interface.

Source: Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, Chapter 4, "Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance," page 4-6.
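The limits in Steps 1 and 2 can be checked against a saved configuration before or after a license change. The following Python audit is an added example, not part of the Cisco guide; the sample configuration is constructed, and the running-config style layout (indented sub-commands, Vlan<ID> spelling), the function names and the license_name parameter are assumptions made for illustration.

```python
import re

# Constructed sample (outside / inside / home scenario from Step 2); illustrative only.
SAMPLE_CONFIG = """\
interface Vlan100
 nameif outside
interface Vlan200
 nameif inside
interface Vlan300
 no forward interface Vlan200
 nameif home
"""

# Assumption: sub-commands are indented under their "interface" line.
IFACE_RE = re.compile(r"^interface\s+vlan\s*(\d+)\s*$", re.I)
NOFWD_RE = re.compile(r"^\s+no\s+forward\s+interface\s+vlan\s*(\d+)\s*$", re.I)
NAMEIF_RE = re.compile(r"^\s+nameif\s+(\S+)", re.I)

def parse_vlans(config):
    """Return {vlan_id: {"nameif": str|None, "no_forward": int|None}}."""
    vlans, current = {}, None
    for line in config.splitlines():
        if not line.startswith((" ", "\t")):
            # An unindented line closes the previous interface block.
            m = IFACE_RE.match(line)
            current = int(m.group(1)) if m else None
            if m:
                vlans[current] = {"nameif": None, "no_forward": None}
        elif current is not None:
            if (m := NAMEIF_RE.match(line)):
                vlans[current]["nameif"] = m.group(1)
            elif (m := NOFWD_RE.match(line)):
                vlans[current]["no_forward"] = int(m.group(1))
    return vlans

def audit(config, license_name="base"):
    """Check VLAN interfaces against the limits stated in this section."""
    vlans, findings = parse_vlans(config), []
    for vid in vlans:
        if not 1 <= vid <= 1001:
            findings.append(f"Vlan{vid}: ID outside 1-1001")
    named = [v for v, c in vlans.items() if c["nameif"]]
    limited = [v for v in named if vlans[v]["no_forward"] is not None]
    if license_name == "base" and len(named) - len(limited) > 2:
        findings.append("Base license: a third named VLAN needs 'no forward interface'")
    if license_name == "security-plus":
        for v in limited:
            findings.append(f"Vlan{v}: 'no forward interface' still limits this interface")
    return findings
```

Running audit(SAMPLE_CONFIG, "security-plus") lists each interface that still carries the restriction after an upgrade, so the command can be reviewed and removed where the segmentation is no longer intended.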


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
