Sub-interface security level?

Answered Question
Jul 21st, 2010

I have Gi0/0 configured with a sub-interface, Gi0/0.251, as the (outside) interface. On which interface should the security level be configured?


interface GigabitEthernet0/0
 description swraz-1
 duplex full
 no nameif
 security-level 100
 no ip address

interface GigabitEthernet0/0.251
 description vlan251
 vlan 251
 nameif outside
 security-level 0
 ip address <subif_ip_address_lan> 255.255.255.0

Jennifer Halim (Cisco Employee) Wed, 07/21/2010 - 07:11

The security level should be configured on a per-VLAN basis, so it should be configured on every sub-interface that you configure, as the security level normally ties in to each subnet/logical interface.


Hope that helps.
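
As an added illustration (not part of the original thread and not Cisco tooling), this Python script parses the interface stanzas posted in the question and reports which logical interface carries the nameif and security-level. The function names and the two audit checks are assumptions made for this example.

```python
import re

# Interface stanzas as posted in the question (IP placeholder kept verbatim).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description swraz-1
 duplex full
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet0/0.251
 description vlan251
 vlan 251
 nameif outside
 security-level 0
 ip address <subif_ip_address_lan> 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface stanza to its nameif and security-level."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate flat or indented stanzas
        if m := re.match(r"interface\s+(\S+)$", line):
            current = interfaces.setdefault(
                m.group(1), {"nameif": None, "security_level": None})
        elif current is None:
            continue  # global command before any interface stanza
        elif m := re.match(r"nameif\s+(\S+)$", line):  # "no nameif" does not match
            current["nameif"] = m.group(1)
        elif m := re.match(r"security-level\s+(\d+)$", line):
            current["security_level"] = int(m.group(1))
    return interfaces

def audit(interfaces):
    """Hypothetical review checks; returns (interface, finding) tuples."""
    findings = []
    for name, cfg in interfaces.items():
        if cfg["nameif"] and cfg["security_level"] is None:
            findings.append((name, "nameif without an explicit security-level"))
        if cfg["nameif"] is None and cfg["security_level"] is not None:
            findings.append((name, "security-level without a nameif"))
    return findings

if __name__ == "__main__":
    parsed = parse_interfaces(SAMPLE_CONFIG)
    print(parsed)
    print(audit(parsed))
```

On the posted config, the only named interface is the VLAN 251 sub-interface with security-level 0, and the audit flags the parent interface, where a security-level is present without a nameif.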

cmclan2121 Wed, 07/21/2010 - 07:22

Thanks for the reply. Just wanted to confirm, since I read somewhere that the security level must not be applied to a subinterface in a redundant intf. setup.

Correct Answer
Jennifer Halim (Cisco Employee) Wed, 07/21/2010 - 07:30

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

cmclan2121 Wed, 07/21/2010 - 07:42

I ran into another issue when configuring my red. intf. I have a post open about it. Please be kind enough to have a look and let me know what you think.

Title: how to enable ISAKMP outside redundant interface?


/cheers
