Cisco Systems ASA5515K9, ASA 5500 Configuring VLAN Subinterfaces and 802.1Q Trunking

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter6 Starting Interface Configuration (ASA 5510 a nd Higher)

Starting Interface Configuration (ASA 5510 and Higher)

What to Do Next

Optional Task:

•Configure VLAN subinterfaces. See the “Configuring VLAN Subinterfaces and 802.1Q Trunking”

section on page 6-30.

Required Tasks:

•For multiple context mode, assign interfaces to contexts and automatically assign unique MAC

addresses to context interfaces. See the “Configuring Multiple Contexts” section on page 5-14.

•For single context mode, complete the interface configuration. See the Chapter8, “Completing

Interface Configuration (RoutedMode),” or Chapter 9, “Completing Interface Configuration

(TransparentMode).”

Configuring VLAN Subinterfaces and 802.1Q Trunking

Subinterfaces let you divide a physical, redundant, or EtherChannel interface into multiple logical

interfaces that are tagged with different VLAN IDs. An interface with one or more VLAN subinterfaces

is automatically configured as an 802.1Q trunk. Because VLANs allow you to keep traffic separate on a

given physical interface, you can increase the number of interfaces available to your network without

adding additional physical interfaces or ASAs. This feature is particularly useful in multiple context

mode so that you can assign unique interfaces to each context.

Step4 port-channel load-balance {dst-ip |

dst-ip-port | dst-mac | dst-port |

src-dst-ip | src-dst-ip-port | src-dst-mac

| src-dst-port | src-ip | src-ip-port |

src-mac | src-port | vlan-dst-ip |

vlan-dst-ip-port | vlan-only |

vlan-src-dst-ip | vlan-src-dst-ip-port |

vlan-src-ip | vlan-src-ip-port}

hostname(config-if)# port-channel

load-balance src-dst-mac

Configures the load-balancing algorithm. By default, the ASA

balances the packet load on interfaces according to the source and

destination IP address (src-dst-ip) of the packet. If you want to

change the properties on which the packet is categorized, use this

command. For example, if your traffic is biased heavily towards

the same source and destination IP addresses, then the traffic

assignment to interfaces in the EtherChannel will be unbalanced.

Changing to a different algorithm can result in more evenly

distributed traffic. For more information about load balancing, see

the “Load Balancing” section on page6-7.

Step5 lacp system-priority number

hostname(config)# lacp system-priority

Sets the LACP system priority, from 1 to 65535. The default is

32768. The higher the number, the lower the priority. This

command is global for the ASA.

If the device at the other end of the EtherChannel has conflicting

port priorities, the system priority is used to determine which port

priorities to use. For interface priorities within an EtherChannel,

see the lacp port-priority command in the “Adding Interfaces to

the EtherChannel” section on page6-27.

Step6 (Optional)

You can set the Ethernet properties for the

port-channel interface to override the properties

set on the individual interfaces.

This method provides a shortcut to set these parameters because

these parameters must match for all interfaces in the channel

group. See the “Enabling the Physical Interface and Configuring

Ethernet Parameters” section on page6-22 for Ethernet

Command Purpose

Contents