Cisco PIX 500 Series Configuration Manual page 125

Chapter 7 Configuring Interface Parameters
Note
Step 5 To set the IP address, enter one of the following commands.
In routed firewall mode, set the IP address for all interfaces. In transparent firewall mode, do not set the
IP address for each interface, but rather set it for the whole security appliance or context. The exception
is for the Management 0/0 management-only interface, which does not pass through traffic. To set the
transparent firewall mode whole security appliance or context management IP address, see the
the Management IP Address for a Transparent Firewall" section on page
Management 0/0 interface or subinterface, use one of the following commands.
To set an IPv6 address, see the
For use with failover, you must set the IP address and standby address manually; DHCP and PPPoE are
not supported.
To set the IP address manually, enter the following command:
•
hostname(config-if)# ip address ip_address [ mask ] [standby ip_address ]
where the ip_address and mask arguments set the interface IP address and subnet mask.
The standby ip_address argument is used for failover. See
more information.
• To obtain an IP address from a DHCP server, enter the following command:
hostname(config-if)# ip address dhcp [setroute]
where the setroute keyword lets the security appliance use the default route supplied by the DHCP
server.
Reenter this command to reset the DHCP lease and request a new lease.
If you do not enable the interface using the no shutdown command before you enter the ip address
dhcp command, some DHCP requests might not be sent.
To obtain an IP address from a PPPoE server, see
•
PPPoE is not supported in multiple context mode.
(Optional) To assign a private MAC address to this interface, enter the following command:
Step 6
hostname(config-if)# mac-address mac_address [standby mac_address ]
The mac_address is in H.H.H format, where H is a 16-bit hexadecimal digit. For example, the
MAC address 00-0C-F1-42-4C-DE is entered as 000C.F142.4CDE.
By default, the physical interface uses the burned-in MAC address, and all subinterfaces of a physical
interface use the same burned-in MAC address. A redundant interface uses the MAC address of the first
physical interface that you add. If you change the order of the member interfaces in the configuration,
then the MAC address changes to match the MAC address of the interface that is now listed first. If you
assign a MAC address to the redundant interface using this command, then it is used regardless of the
member interface MAC addresses.
In multiple context mode, if you share an interface between contexts, you can assign a unique MAC
address to the interface in each context. This feature lets the security appliance easily classify packets
into the appropriate context. Using a shared interface without unique MAC addresses is possible, but has
some limitations. See the
OL-12172-03
Transparent firewall mode allows only two interfaces to pass through traffic; however, on the
ASA 5510 and higher adaptive security appliance, you can use the Management 0/0 interface
(either the physical interface or a subinterface) as a third interface for management traffic. The
mode is not configurable in this case and must always be management-only.
"Configuring IPv6 on an Interface" section on page
"How the Security Appliance Classifies Packets" section on page 3-3
Chapter 14, "Configuring Failover,"
Chapter 35, "Configuring the PPPoE Client."
Cisco Security Appliance Command Line Configuration Guide
Configuring Interface Parameters
"Setting
8-5. To set the IP address of the
12-3.
for more
7-5
for