you can create subinterfaces on an appliance to have multiple IP's on the outside interface, you can use the interface command followed by the interface name and the subinterface number, as shown in the following syntax:
interface physical_interface.subinterface
Here, physical_interface is the actual physical interface and subinterface is an integer between 1 and 4,294,967,295. Example 4-13 demonstrates how to create a subinterface 300 on GigabitEthernet0/0.
Example 4-13. Creating a Subinterface
Chicago# configure terminal
Chicago(config)# interface GigabitEthernet0/0.300
Once you have created a subinterface, the next step is to associate the interface with a unique VLAN identity. Assign a VLAN ID by using the vlan subinterface configuration command followed by the actual VLAN ID, which ranges between 1 and 4096. In Example 4-14, the administrator has linked GigabitEthernet0/0.300 to vlan 300. Although the subinterface number and the VLAN ID do not have to match, it is a good practice to use the same number for ease of management.
Example 4-14. Associating a VLAN ID to a Subinterface
Chicago# configure terminal
Chicago(config)# interface GigabitEthernet0/0.300
Chicago(config-if)# vlan 300
Caution
If the main physical interface is shut down, all the associated subinterfaces are disabled as well.
The subinterface is configured identically to a physical interface, using the nameif, security-level, and ip address commands. It does not, however, allow the use of speed and duplex commands, discussed in the previous section. Example 4-15 shows a subinterface GigabitEthernet0/0.300 configuration that is set up as a DMZ interface with the security level 30 and an IP address of 192.168.20.1/24 in VLAN 300.
Example 4-15. Configuring Subinterface Parameters
Chicago# configure terminal
Chicago(config)# interface GigabitEthernet0/0.300
Chicago(config-if)# vlan 300
Chicago(config-if)# nameif DMZ
Chicago(config-if)# security-level 30
Chicago(config-if)# ip address 192.168.20.1 255.255.255.0
