Cisco FirePOWER ASA 5500 series Configuration Manual page 115

Chapter 7 Configuring Interface Parameters
To configure an interface or subinterface, perform the following steps:
Step 1 To specify the interface you want to configure, enter the following command:
hostname(config)# interface {physical_interface[.subinterface] | mapped_name}
The physical_interface ID includes the type, slot, and port number as type[slot/]port.
The physical interface types include the following:
ethernet
•
gigabitethernet
•
For the PIX 500 series security appliance, enter the type followed by the port number, for example,
ethernet0.
For the ASA 5500 series adaptive security appliance, enter the type followed by slot/port, for example,
gigabitethernet0/1. Interfaces that are built into the chassis are assigned to slot 0, while interfaces on
the 4GE SSM are assigned to slot 1. For the ASA 5550 adaptive security appliance, for maximum
throughput, be sure to balance your traffic over the two interface slots; for example, assign the inside
interface to slot 1 and the outside interface to slot 0.
The ASA 5510 and higher adaptive security appliance also includes the following type:
management
•
The management interface is a Fast Ethernet interface designed for management traffic only, and is
specified as management0/0. You can, however, use it for through traffic if desired (see the
management-only command). In transparent firewall mode, you can use the management interface
in addition to the two interfaces allowed for through traffic. You can also add subinterfaces to the
management interface to provide management in each security context for multiple context mode.
Append the subinterface ID to the physical interface ID separated by a period (.).
In multiple context mode, enter the mapped name if one was assigned using the allocate-interface
command.
For example, enter the following command:
hostname(config)# interface gigabitethernet0/1.1
To name the interface, enter the following command:
Step 2
hostname(config-if)# nameif name
The name is a text string up to 48 characters, and is not case-sensitive. You can change the name by
reentering this command with a new value. Do not enter the no form, because that command causes all
commands that refer to that name to be deleted.
To set the security level, enter the following command:
Step 3
hostname(config-if)# security-level number
Where number is an integer between 0 (lowest) and 100 (highest).
(Optional) To set an interface to management-only mode, enter the following command:
Step 4
hostname(config-if)# management-only
The ASA 5510 and higher adaptive security appliance includes a dedicated management interface called
Management 0/0, which is meant to support traffic to the security appliance. However, you can configure
any interface to be a management-only interface using the management-only command. Also, for
Management 0/0, you can disable management-only mode so the interface can pass through traffic just
like any other interface.
OL-10088-01
Cisco Security Appliance Command Line Configuration Guide
Configuring the Interface
7-3