Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configuring ASA5540 for 802.1q

Hello I am configuring subinterfaces on mys asa5540 the question I have is do I have to have a security-level on the trunk interface here is what I am referring to:

interface GigabitEthernet0/2

speed 1000

duplex full

no nameif

security-level 0

no ip address

I know I have to have it on the subinterface not sure about the trunk interface. Please adise!

4 REPLIES

Re: Configuring ASA5540 for 802.1q

You don't need it/it isn't used. With the no nameif, untagged packets are dropped and hence need no for a security level.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1044006

Hope that helps.

New Member

Re: Configuring ASA5540 for 802.1q

Thanks! This help!!!!

New Member

Re: Configuring ASA5540 for 802.1q

Here is a quick example of a working subinterface/vlan config that I just applied to an ASA pair last week:

interface Ethernet0/2

speed 100

duplex full

no nameif

no security-level

no ip address

!

interface Ethernet0/2.1

description Guest Access

vlan 7

nameif GuestAccess

security-level 10

ip address 192.168.202.1 255.255.255.0 standby 192.168.202.2

!

interface Ethernet0/2.2

description DMZ

vlan 8

nameif DMZ

security-level 50

ip address 192.168.200.1 255.255.255.0 standby 192.168.200.62

New Member

Re: Configuring ASA5540 for 802.1q

tHANK yOU! sO YOU HAD TO CREATE AND ACCESS-LIST AND NAT STATEMENT FOR YOUR GUESTACCESS BECAUSE OF THE SECURITY-LEVEL CORRECT?

138
Views
5
Helpful
4
Replies
CreatePlease to create content