Filter
Top Products
7-8
Cisco ASDM User Guide
OL-16647-01
Chapter 7 Configuring Interfaces in Single Mode
Enabling Same Security Level Communication (Single Mode)
parameters. For RJ-45 interfaces on the ASA 5500 series adaptive security appliance, the default
auto-negotiation setting also includes the Auto-MDI/MDIX feature. Auto-MDI/MDIX eliminates
the need for crossover cabling by performing an internal crossover when a straight cable is detected
during the auto-negotiation phase. Either the speed or duplex must be set to auto-negotiate to enable
Auto-MDI/MDIX for the interface. If you explicitly set both the speed and duplex to a fixed value,
thus disabling auto-negotiation for both settings, then Auto-MDI/MDIX is also disabled.
d. Click OK to accept the Hardware Properties changes.
Step 9 (Optional) To set the MTU or to enable jumbo frame support (ASA 5580 only), click the Advanced tab
and enter the value in the MTU field, between 300 and 65,535 bytes.
The default is 1500 bytes. For the ASA 5580, if you enter a value for any interface that is greater than
1500, then you enable jumbo frame support automatically for all interfaces. If you set the MTU for all
interfaces back to a value under 1500, then jumbo frame support is disabled.
Note Enabling or disabling jumbo frame support requires you to reboot the security appliance.
A jumbo frame is an Ethernet packet larger than the standard maximun of 1518 bytes (including Layer
2 header and FCS), up to 9216 bytes. Jumbo frames require extra memory to process, and assigning more
memory for jumbo frames might limit the the maximum use of other features, such as access lists.
Step 10 (Optional) To manually assign a MAC address to this interface, on the Advanced tab enter a MAC
address in the Active Mac Address field in H.H.H format, where H is a 16-bit hexadecimal digit. For
example, the MAC address 00-0C-F1-42-4C-DE would be entered as 000C.F142.4CDE.
If you use failover, enter the standby MAC address in the Standby Mac Address field. If the active unit
fails over and the standby unit becomes active, the new active unit starts using the active MAC addresses
to minimize network disruption, while the old active unit uses the standby address.
By default, the physical interface uses the burned-in MAC address, and all subinterfaces of a physical
interface use the same burned-in MAC address. A redundant interface uses the MAC address of the first
physical interface that you add. If you change the order of the member interfaces in the configuration,
then the MAC address changes to match the MAC address of the interface that is now listed first. If you
assign a MAC address to the redundant interface using this field, then it is used regardless of the member
interface MAC addresses.
You might want to assign unique MAC addresses to subinterfaces. For example, your service provider
might perform access control based on the MAC address.
Step 11 Click OK.
Enabling Same Security Level Communication (Single Mode)
By default, interfaces on the same security level cannot communicate with each other. Allowing
communication between same-security interfaces lets you configure more than 101 communicating
interfaces. If you use different levels for each interface and do not assign any interfaces to the same
security level, you can configure only one interface per level (0 to 100).
Note If you enable NAT control, you do not need to configure NAT between same security level interfaces.