Filter
Top Products
7-3
Cisco ASDM User Guide
OL-16647-01
Chapter 7 Configuring Interfaces in Single Mode
Interface Overview
• If you use a redundant interface for the failover or state link, you must put a switch or hub between
the two units; you cannot connect them directly. Without the switch or hub, you could have the active
port on the primary unit connected directly to the standby port on the secondary unit.
• You can monitor redundant interfaces for failover; be sure to reference the logical redundant
interface name.
• When the active interface fails over to the standby interface, this activity does not cause the
redundant interface to appear to be failed when being monitored for device-level failover. Only when
both physical interfaces fail does the redundant interface appear to be failed.
Redundant Interface MAC Address
The redundant interface uses the MAC address of the first physical interface that you add. If you change
the order of the member interfaces in the configuration, then the MAC address changes to match the
MAC address of the interface that is now listed first. Alternatively, you can assign a MAC address to the
redundant interface, which is used regardless of the member interface MAC addresses (see the
“Configuring an Interface (Single Mode)” section on page 7-5 or the “Configuring Security Contexts”
section on page 10-16). When the active interface fails over to the standby, the same MAC address is
maintained so that traffic is not disrupted.
Physical Interface Guidelines for Use in a Redundant Interface
Follow these guidelines when adding member interfaces:
• Both member interfaces must be of the same physical type. For example, both must be Ethernet.
• When you add a physical interface to the redundant interface, the name, IP address, and security
level is removed.
Caution If you are using a physical interface already in your configuration, removing the name will clear any
configuration that refers to the interface.
• The only configuration available to physical interfaces that are part of a redundant interface pair are
physical parameters.
• If you shut down the active interface, then the standby interface becomes active.
VLAN Subinterface and 802.1Q Trunking Overview
Subinterfaces let you divide a physical or redundant interface into multiple logical interfaces that are
tagged with different VLAN IDs. An interface with one or more VLAN subinterfaces is automatically
configured as an 802.1Q trunk. Because VLANs allow you to keep traffic separate on a given physical
interface, you can increase the number of interfaces available to your network without adding additional
physical interfaces or security appliances.
This section includes the following topics:
• Maximum Subinterfaces, page 7-4
• Preventing Untagged Packets on the Physical Interface, page 7-4