Cisco FirePOWER ASA 5500 series Configuration Manual page 84

Security appliance command line

Configuring a Switch Port as a Trunk Port

Step 3
To make this switch port a trunk port, enter the following command:
hostname(config-if)# switchport mode trunk
To restore this port to access mode, enter the switchport mode access command.

Step 4
(Optional) To prevent the switch port from communicating with other protected switch ports on the same
VLAN, enter the following command:
hostname(config-if)# switchport protected
You might want to prevent switch ports from communicating with each other if the devices on those
switch ports are primarily accessed from other VLANs, you do not need to allow intra-VLAN access,
and you want to isolate the devices from each other in case of infection or other security breach. For
example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each other
if you apply the switchport protected command to each switch port. The inside and outside networks
can both communicate with all three web servers, and vice versa, but the web servers cannot
communicate with each other.

Step 5
(Optional) To set the speed, enter the following command:
hostname(config-if)# speed {auto | 10 | 100}
The auto setting is the default.

Step 6
(Optional) To set the duplex, enter the following command:
hostname(config-if)# duplex {auto | full | half}
The auto setting is the default.

Step 7
To enable the switch port, if it is not already enabled, enter the following command:
hostname(config-if)# no shutdown
To disable the switch port, enter the shutdown command.
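
The isolation described in Step 4 only holds between ports that each carry the switchport protected command, so a single unprotected port in the same VLAN can still reach the others. The following Python audit is an added example, not part of the Cisco manual: it reads a saved configuration and reports enabled access ports that lack the command in a VLAN where other ports have it. The function names, the constructed sample, the one-space indentation of interface subcommands, and the VLAN 1 default for ports with no access VLAN are assumptions.

```python
import re

# Constructed running-config style excerpt (not from the manual): a trunk port
# and three DMZ web-server ports in VLAN 300, one without "switchport protected".
SAMPLE = """\
interface Ethernet0/1
 switchport mode trunk
!
interface Ethernet0/2
 switchport access vlan 300
 switchport protected
!
interface Ethernet0/3
 switchport access vlan 300
 switchport protected
!
interface Ethernet0/4
 switchport access vlan 300
"""

def parse_switch_ports(config):
    """Map each Ethernet port to its access VLAN and the set of its subcommands."""
    ports, cur = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (Ethernet\d+/\d+)\s*$", raw)
        if m:
            # Assumption: a port with no explicit access VLAN sits in VLAN 1.
            cur = ports[m.group(1)] = {"vlan": 1, "cmds": set()}
        elif not raw.startswith(" "):
            cur = None  # "!" or any other top-level line ends the interface block
        elif cur is not None:
            v = re.fullmatch(r"switchport access vlan (\d+)", raw.strip())
            if v:
                cur["vlan"] = int(v.group(1))
            cur["cmds"].add(raw.strip())
    return ports

def isolation_gaps(config):
    """Return {vlan: [ports]}: enabled access ports without 'switchport protected'
    in a VLAN where at least one other enabled access port has it."""
    active = {p: s for p, s in parse_switch_ports(config).items()
              if not s["cmds"] & {"switchport mode trunk", "shutdown"}}
    guarded = {s["vlan"] for s in active.values() if "switchport protected" in s["cmds"]}
    gaps = {}
    for port, s in sorted(active.items()):
        if s["vlan"] in guarded and "switchport protected" not in s["cmds"]:
            gaps.setdefault(s["vlan"], []).append(port)
    return gaps
```

Calling isolation_gaps(SAMPLE) flags Ethernet0/4 in VLAN 300. VLANs in which no port is protected are not reported, because nothing in the configuration indicates that isolation was intended there.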
The following example configures three VLAN interfaces. The third home interface cannot forward
traffic to the business interface. The home and business VLANs are assigned to a trunk port on Ethernet
0/1.
hostname(config)# interface vlan 100
hostname(config-if)# nameif outside
hostname(config-if)# security-level 0
hostname(config-if)# ip address dhcp
hostname(config-if)# no shutdown
hostname(config-if)# interface vlan 200
hostname(config-if)# nameif business
hostname(config-if)# security-level 100
hostname(config-if)# ip address 10.1.1.1 255.255.255.0
hostname(config-if)# no shutdown
hostname(config-if)# interface vlan 300
hostname(config-if)# no forward interface vlan 200
hostname(config-if)# nameif home
hostname(config-if)# security-level 50
hostname(config-if)# ip address 10.2.1.1 255.255.255.0
hostname(config-if)# no shutdown
hostname(config-if)# interface ethernet 0/0
hostname(config-if)# switchport access vlan 100
hostname(config-if)# no shutdown
Cisco Security Appliance Command Line Configuration Guide
4-12
Chapter 4
Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
OL-10088-01


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
