4-2
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
Interface Overview
Understanding ASA 5505 Ports and Interfaces
The ASA 5505 adaptive security appliance supports a built-in switch. There are two kinds of ports and
interfaces that you need to configure:
• Physical switch ports—The adaptive security appliance has eight Fast Ethernet switch ports that
forward traffic at Layer 2, using the switching function in hardware. Two of these ports are PoE
ports. See the “Power Over Ethernet” section on page 4-4 for more information. You can connect
these interfaces directly to user equipment such as PCs, IP phones, or a DSL modem. Or you can
connect to another switch.
• Logical VLAN interfaces—In routed mode, these interfaces forward traffic between VLAN
networks at Layer 3, using the configured security policy to apply firewall and VPN services. In
transparent mode, these interfaces forward traffic between the VLANs on the same network at Layer
2, using the configured security policy to apply firewall services. See the “Maximum Active VLAN
Interfaces for Your License” section for more information about the maximum VLAN interfaces.
VLAN interfaces let you divide your equipment into separate VLANs, for example, home, business,
and Internet VLANs.
To segregate the switch ports into separate VLANs, you assign each switch port to a VLAN interface.
Switch ports on the same VLAN can communicate with each other using hardware switching. But when
a switch port on VLAN 1 wants to communicate with a switch port on VLAN 2, then the adaptive
security appliance applies the security policy to the traffic and routes or bridges between the two
VLANs.
Note Subinterfaces are not available for the ASA 5505 adaptive security appliance.
Maximum Active VLAN Interfaces for Your License
In transparent firewall mode, you can configure two active VLANs in the Base license and three active
VLANs in the Security Plus license, one of which must be for failover.
In routed mode, you can configure up to three active VLANs with the Base license, and up to five active
VLANs with the Security Plus license.
An active VLAN is a VLAN with a nameif command configured. You can configure up to five inactive
VLANs for either license, but if you make them active, be sure to follow the guidelines for your license.
With the Base license, the third VLAN can only be configured to initiate traffic to one other VLAN. See
Figure 4-1 for an example network.
To Next Page
Loading...
Need help?
General