Sub-interface security level?

Answered Question
Jul 21st, 2010

I have Gi0/0 configured with a sub-interface Gi0/0.251 (outside) interface. On which interface should the security level be configured?

interface GigabitEthernet0/0
 description swraz-1
 duplex full
 no nameif
 security-level 100
 no ip address

interface GigabitEthernet0/0.251
 description vlan251
 vlan 251
 nameif outside
 security-level 0
 ip address <subif_ip_address_lan> 255.255.255.0

Jennifer Halim Wed, 07/21/2010 - 07:11

The security level should be configured on a per-VLAN basis, so it should be configured for every sub-interface that you configure, as the security level is normally tied to each subnet/logical interface.

Hope that helps.

cmclan2121 Wed, 07/21/2010 - 07:22

Thanks for the reply. Just wanted to confirm, since I read somewhere that the security level must not be applied to a subinterface in a redundant intf. setup.

Correct Answer
Jennifer Halim Wed, 07/21/2010 - 07:30

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.
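
A pre-deployment check for the placement rules given in the answers above, as an added example that is not part of the thread: it parses ASA-style interface stanzas and reports named interfaces that lack their own security-level and redundant members that still carry a nameif or level. The sample config, the `dmz` and `stale` names and the Redundant1 pair are constructed; the third finding (a level on an unnamed interface, as on Gi0/0 in the original post) is informational only.

```python
import re

# Constructed sample: the thread's two stanzas plus hypothetical dmz/redundant ones.
SAMPLE = """\
interface GigabitEthernet0/0
 no nameif
 security-level 100
interface GigabitEthernet0/0.251
 nameif outside
 security-level 0
interface GigabitEthernet0/0.252
 nameif dmz
interface Redundant1
 member-interface GigabitEthernet0/2
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif stale
"""

def parse_interfaces(config):
    """Map each interface stanza to its nameif, security-level and members."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split()[1], {"members": []})
        elif not raw.startswith(" ") or current is None:
            current = None  # top-level line, or the body of a non-interface block
        # Negated forms ("no nameif", "no security-level") do not match below.
        elif m := re.fullmatch(r"\s+(nameif|security-level) (\S+)\s*", raw):
            current[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"\s+member-interface (\S+)\s*", raw):
            current["members"].append(m.group(1))
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for the placements the thread discusses."""
    ifs = parse_interfaces(config)
    members = {m for i in ifs.values() for m in i["members"]}
    findings = []
    for name, i in ifs.items():
        named, level = i.get("nameif"), i.get("security-level")
        if name in members and (named or level):
            findings.append((name, "redundant member carries nameif/security-level"))
        elif named and level is None:
            findings.append((name, "named interface has no explicit security-level"))
        elif level is not None and not named:
            findings.append((name, "security-level on an unnamed interface"))
    return findings
```

Run `audit()` on a draft configuration before pasting it into the firewall; an empty list means every named interface states its own level.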

cmclan2121 Wed, 07/21/2010 - 07:42

I ran into another issue when configuring my red. intf. I have a post open about it. Please be so kind as to have a look and let me know what you think.

Title: how to enable ISAKMP outside redundant interface?

/cheers
