9-11
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter9 Completing Interface Configuration (Transparent Mode)
Completing Interface Configuration in Transparent Mode
Configuring a Management Interface (ASA 5510 and Higher)
You can configure one management interface separate from the bridge group interfaces in single mode
or per context. For more information, see the “Management Interface” section on page6-2.
Restrictions
See the “Management Interface” section on page 6-2.
Do not assign this interface to a bridge group; a non-configurable bridge group (ID 101) is
automatically added to your configuration. This bridge group is not included in the bridge group
limit.
If your model does not include a Management interface, you must manage the transparent firewall
from a data interface; skip this procedure. (For example, on the ASA 5505.)
In multiple context mode, you cannot share any interfaces, including the Management interface,
across contexts. To provide management per context, you can create subinterfaces of the
Management interface and allocate a Management subinterface to each context. Note that the ASA
5512-X through ASA 5555-X do not allow subinterfaces on the Management interface, so for
per-context management, you must connect to a data interface.
Prerequisites
Complete the procedures in Chapter6, “Starting Interface Configuration (ASA 5510 and Higher).”
In multiple context mode, you can only configure context interfaces that you already assigned to the
context in the system configuration according to the “Configuring Multiple Contexts” section on
page 5-14.
In multiple context mode, complete this procedure in the context execution space. To change from
the system to a context configuration, enter the changeto context name command.
Detailed Steps
Command Purpose
Step1 interface {{port-channel number |
management slot/port}[.subinterface] |
mapped_name}
Example:
hostname(config)# interface management
0/0.1
If you are not already in interface configuration mode, enters
interface configuration mode for the management interface.
The port-channel number argument is the EtherChannel interface
ID, such as port-channel 1. The EtherChannel interface must
have only Management member interfaces.
Redundant interfaces do not support Management slot/port
interfaces as members. You also cannot set a redundant interface
comprised of non-Management interfaces as management-only.
In multiple context mode, enter the mapped_name if one was
assigned using the allocate-interface command.
Step2 nameif name
Example:
hostname(config-if)# nameif management
Names the interface.
The name is a text string up to 48 characters, and is not
case-sensitive. You can change the name by reentering this
command with a new value. Do not enter the no form, because
that command causes all commands that refer to that name to be
deleted.