Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Sub-interface security level ?

I have Gi0/0 configured with a sub-interface Gi0/0.251 (outside) interface. On what interface should security level be configured ?

interface GigabitEthernet0/0
description swraz-1
duplex full
no nameif
security-level 100
no ip address

interface GigabitEthernet0/0.251
description vlan251
vlan 251
nameif outside
security-level 0
ip address <subif_ip_address_lan> 255.255.255.0

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Sub-interface security level ?

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

4 REPLIES
Cisco Employee

Re: Sub-interface security level ?

The security level should be configured per VLAN basis, so it should be configured for every sub interfaces that you configure, as security level is normally ties in to each subnet/logical interface.

Hope that helps.

New Member

Re: Sub-interface security level ?

Thanks for the reply. Just wanet to confirm since I read somewhere that security level must not apply to subinerface in a  redundant intf. setup.

Cisco Employee

Re: Sub-interface security level ?

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

New Member

Re: Sub-interface security level ?

I ran in some other issue when configuring my red. intf. I have a post opened about it. Please be kind to have a look and let me know what you think.

Title:how to enable ISAKMP outside redundant interface ?

/cheers

287
Views
0
Helpful
4
Replies
CreatePlease login to create content