Cisco FirePOWER ASA 5500 series Configuration Manual page 116

Configuring the Interface
Note
Step 5 To set the IP address, enter one of the following commands.
In routed firewall mode, you set the IP address for all interfaces. In transparent firewall mode, you do
not set the IP address for each interface, but rather for the whole security appliance or context. The
exception is for the Management 0/0 management-only interface, which does not pass through traffic.
To set the management IP address for transparent firewall mode, see the
Address for a Transparent Firewall" section on page
interface or subinterface, use one of the following commands.
To set an IPv6 address, see the
For failover, you must set the IP address an standby address manually; DHCP and PPPoE are not
supported.
To set the IP address manually, enter the following command:
•
hostname(config-if)# ip address ip_address [mask] [standby ip_address]
The standby keyword and address is used for failover. See
more information.
To obtain an IP address from a DHCP server, enter the following command:
•
hostname(config-if)# ip address dhcp [setroute]
Reenter this command to reset the DHCP lease and request a new lease.
If you do not enable the interface using the no shutdown command before you enter the ip address
dhcp command, some DHCP requests might not be sent.
To obtain an IP address from a PPPoE server, see
•
(Optional) To assign a private MAC address to this interface, enter the following command:
Step 6
hostname(config-if)# mac-address mac_address [standby mac_address]
The mac_address is in H.H.H format, where H is a 16-bit hexadecimal digit. For example, the
MAC address 00-0C-F1-42-4C-DE would be entered as 000C.F142.4CDE.
By default, the physical interface uses the burned-in MAC address, and all subinterfaces of a physical
interface use the same burned-in MAC address.
For use with failover, set the standby MAC address. If the active unit fails over and the standby unit
becomes active, the new active unit starts using the active MAC addresses to minimize network
disruption, while the old active unit uses the standby address.
In multiple context mode, if you share an interface between contexts, you can assign a unique MAC
address to the interface in each context. This feature lets the security appliance easily classify packets
into the appropriate context. Using a shared interface without unique MAC addresses is possible, but has
some limitations. See the
information. You can assign each MAC address manually, or you can automatically generate MAC
addresses for shared interfaces in contexts. See the
Context Interfaces" section on page 6-11
generate MAC addresses, you can use the mac-address command to override the generated address.
Cisco Security Appliance Command Line Configuration Guide
7-4
Transparent firewall mode allows only two interfaces to pass through traffic; however, on the
The ASA 5510 and higher adaptive security appliance, you can use the Management 0/0
interface (either the physical interface or a subinterface) as a third interface for management
traffic. The mode is not configurable in this case and must always be management-only.
"Configuring IPv6 on an Interface" section on page
"How the Security Appliance Classifies Packets" section on page 3-3
Chapter 7
8-5. To set the IP address of the Management 0/0
Chapter 14, "Configuring Failover,"
Chapter 35, "Configuring the PPPoE Client."
"Automatically Assigning MAC Addresses to
to automatically generate MAC addresses. If you automatically
Configuring Interface Parameters
"Setting the Management IP
12-3.
for more
OL-10088-01
for