Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 9 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
Configuring Switch Ports
• Mode—The mode, Access or Trunk. Access ports can be assigned to one VLAN. Trunk ports can carry multiple VLANs using 802.1Q tagging. Trunk mode is available only with the Security Plus license.
• Protected—Shows if this switch port is protected, Yes or No. This option prevents the switch port from communicating with other protected switch ports on the same VLAN. You might want to prevent switch ports from communicating with each other if the devices on those switch ports are primarily accessed from other VLANs, you do not need to allow intra-VLAN access, and you want to isolate the devices from each other in case of infection or other security breach. For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each other if you apply the Protected option to each switch port. The inside and outside networks can both communicate with all three web servers, and vice versa, but the web servers cannot communicate with each other.
• Edit—Edits the switch port.
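The following Python model is an added example, not part of the Cisco guide or any Cisco tool. It applies the Protected rule above and the trunk rule from the Edit Switch Port dialog (no native VLAN, untagged frames dropped) to an exported port list and reports pairs that can still reach each other directly. The class and function names, the port list, and the handling of tagged frames on access ports are assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class SwitchPort:
    port_id: str
    mode: str                 # "access" or "trunk"
    vlans: frozenset          # exactly one VLAN for access, one or more for trunk
    protected: bool = False

    def __post_init__(self):
        if self.mode not in ("access", "trunk"):
            raise ValueError(f"{self.port_id}: unknown mode {self.mode!r}")
        if self.mode == "access" and len(self.vlans) != 1:
            raise ValueError(f"{self.port_id}: access port needs exactly one VLAN")

def ingress_vlan(port, tag):
    """VLAN a received frame is placed in, or None if the port drops it."""
    if port.mode == "trunk":
        # No native VLAN: untagged frames and tags outside the list are dropped.
        return tag if tag in port.vlans else None
    # Model assumption: access ports carry only untagged frames.
    return next(iter(port.vlans)) if tag is None else None

def can_switch(src, dst, vlan):
    """True if src may send directly to dst inside `vlan` (no firewall hop)."""
    if vlan not in src.vlans or vlan not in dst.vlans:
        return False
    # Two protected ports on the same VLAN cannot talk to each other.
    return not (src.protected and dst.protected)

def unisolated_pairs(ports, vlan):
    """Port pairs in `vlan` that can still reach each other directly."""
    members = [p for p in ports if vlan in p.vlans]
    return [(a.port_id, b.port_id)
            for a, b in combinations(members, 2) if can_switch(a, b, vlan)]

# Constructed sample: DMZ VLAN 30 with three web servers, one left unprotected.
DMZ = 30
PORTS = [
    SwitchPort("Ethernet0/2", "access", frozenset({DMZ}), protected=True),
    SwitchPort("Ethernet0/3", "access", frozenset({DMZ}), protected=True),
    SwitchPort("Ethernet0/4", "access", frozenset({DMZ}), protected=False),
    SwitchPort("Ethernet0/7", "trunk", frozenset({20, DMZ})),
]

if __name__ == "__main__":
    for pair in unisolated_pairs(PORTS[:3], DMZ):
        print("not isolated:", *pair)
```

An empty result for the DMZ server ports means every server-to-server path has to cross the VLAN interface instead of being switched directly.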
Modes
The following table shows the modes in which this feature is available:
Edit Switch Port
The Edit Switch Port dialog box lets you configure the mode, assign a switch port to a VLAN, and set
the Protected option.
Fields
• Switch Port—Display only. Shows the selected switch port ID.
• Enable Switch Port—Enables this switch port.
• Mode and VLAN IDs—Sets the mode and the assigned VLANs.
    • Access VLAN ID—Sets the mode to access mode. Enter the VLAN ID to which you want to assign this switch port. By default, the VLAN ID is derived from the VLAN interface configuration in Interfaces > Interfaces. You can change the VLAN assignment in this dialog box. Be sure to apply the change to update the Interfaces > Interfaces tab with the new information. If you want to specify a VLAN that has not yet been added, we suggest you add the VLAN from the Interfaces > Interfaces tab and specify the switch port in the Add/Edit Interface > General tab rather than specifying it in this dialog box; in either case, you need to add the VLAN on the Interfaces > Interfaces tab and assign the switch port to it.
    • Trunk VLAN IDs—Sets the mode to trunk mode using 802.1Q tagging. Trunk mode is available only with the Security Plus license. Enter the VLAN IDs to which you want to assign this switch port, separated by commas. Trunk ports do not support untagged packets; there is no native VLAN support, and the adaptive security appliance drops all packets that do not contain a tag specified in this command. If the VLANs are already in your configuration, after you apply the change, the Interfaces > Interfaces tab shows this switch port added to each VLAN. If you want to specify a VLAN that has not yet been added, we suggest you add the VLAN from the
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple: Context    Multiple: System
•         •                •         —                    —