Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 9 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
Configuring VLAN Interfaces
Modes
The following table shows the modes in which this feature is available:
Add/Edit Interface > Advanced
The Add/Edit Interface > Advanced tab lets you set the MTU, VLAN ID, MAC addresses, and other
options.
Fields
MTU—Sets the MTU from 300 to 65,535 bytes. The default is 1500 bytes. For multiple context
mode, set the MTU in the context configuration.
VLAN ID—Sets the VLAN ID for this interface between 1 and 4090. If you do not want to assign
the VLAN ID, ASDM assigns one for you randomly.
Mac Address Cloning—Manually assigns MAC addresses.
By default in routed mode, all VLANs use the same MAC address. In transparent mode, the VLANs
use unique MAC addresses. You might want to set unique MAC addresses or change the generated
MAC addresses if your switch requires it, or for access control purposes.
Active Mac Address—Assigns a MAC address to the interface in H.H.H format, where H is a
16-bit hexadecimal value (four hexadecimal digits). For example, the MAC address
00-0C-F1-42-4C-DE would be entered as 000C.F142.4CDE.
Standby Mac Address—For use with failover, set the Standby Mac Address. If the active unit
fails over and the standby unit becomes active, the new active unit starts using the active MAC
addresses to minimize network disruption, while the old active unit uses the standby address.
Block Traffic—Restrict this VLAN interface from initiating contact to another VLAN.
With the Base license, you can only configure a third VLAN if you use this option to limit it.
For example, you have one VLAN assigned to the outside for Internet access, one VLAN assigned
to an inside business network, and a third VLAN assigned to your home network. The home network
does not need to access the business network, so you can use the Restrict Traffic Flow option on the
home VLAN; the business network can access the home network, but the home network cannot
access the business network.
If you already have two VLAN interfaces configured with a name, be sure to enable the Restrict
Traffic Flow option before you name the third interface; with the Base license, the ASA 5505
adaptive security appliance does not allow three fully functioning VLAN interfaces and will
not allow you to configure a third one.
Note: If you upgrade to the Security Plus license, you can remove this option and achieve full
functionality for this interface. If you leave this option enabled, this interface continues to
be limited even after upgrading.
Firewall Mode          Security Context
Routed   Transparent   Single   Multiple Context   Multiple System
•        •             •        —                  —
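
The field limits and the Base license rule described under Fields can be checked against a planned interface layout before it is entered in ASDM. The following Python is an added example, not Cisco code or part of the original guide; the dictionary layout, the function names and the license_tier parameter are assumptions made for illustration.

```python
import re

MTU_RANGE = (300, 65535)    # bytes, from the MTU field description
VLAN_ID_RANGE = (1, 4090)   # from the VLAN ID field description

def to_hhh(mac):
    """Convert 00-0C-F1-42-4C-DE, 00:0c:f1:42:4c:de or H.H.H input to H.H.H."""
    digits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = digits.upper()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def check_interfaces(interfaces, license_tier="base"):
    """Return a list of problems found in a planned set of VLAN interfaces."""
    problems = []
    for itf in interfaces:
        label = itf.get("name") or f"vlan{itf.get('vlan_id')}"
        if not MTU_RANGE[0] <= itf.get("mtu", 1500) <= MTU_RANGE[1]:
            problems.append(f"{label}: MTU outside 300-65535")
        if not VLAN_ID_RANGE[0] <= itf["vlan_id"] <= VLAN_ID_RANGE[1]:
            problems.append(f"{label}: VLAN ID outside 1-4090")
        for key in ("active_mac", "standby_mac"):
            if itf.get(key):
                try:
                    to_hhh(itf[key])
                except ValueError as exc:
                    problems.append(f"{label}: {key} {exc}")
    # Base license: at most two named VLANs may be fully functioning;
    # a third must have Block Traffic enabled before it is named.
    full = [i for i in interfaces if i.get("name") and not i.get("block_traffic")]
    if license_tier == "base" and len(full) > 2:
        problems.append("Base license: enable Block Traffic on the third named VLAN")
    return problems

# Constructed sample: the outside / inside / home layout from the text,
# with Block Traffic left off on the home VLAN.
PLAN = [
    {"name": "outside", "vlan_id": 2, "mtu": 1500},
    {"name": "inside", "vlan_id": 1, "mtu": 1500},
    {"name": "home", "vlan_id": 3, "mtu": 1500, "block_traffic": False,
     "active_mac": "00-0C-F1-42-4C-DE"},
]

if __name__ == "__main__":
    for problem in check_interfaces(PLAN):
        print(problem)
```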