4-13
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
Allowing Communication Between VLAN Interfaces on the Same Security Level
hostname(config-if)# interface ethernet 0/1
hostname(config-if)# switchport mode trunk
hostname(config-if)# switchport trunk allowed vlan 200 300
hostname(config-if)# no shutdown
Allowing Communication Between VLAN Interfaces on the
Same Security Level
By default, interfaces on the same security level cannot communicate with each other. Allowing
communication between same security interfaces lets traffic flow freely between all same security
interfaces without access lists.
Note If you enable NAT control, you do not need to configure NAT between same security level interfaces.
See the “NAT and Same Security Level Interfaces” section on page 17-12 for more information on NAT
and same security level interfaces.
If you enable same security interface communication, you can still configure interfaces at different
security levels as usual.
To enable interfaces on the same security level so that they can communicate with each other, enter the
following command:
hostname(config)# same-security-traffic permit inter-interface
To disable this setting, use the no form of this command.
To Next Page
Loading...
Need help?
General