45-39
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Further, if you use failover, you can provide a standby MAC address. If the active unit fails over and the
standby unit becomes active, the new active unit starts using the active MAC addresses to minimize
network disruption, while the old active unit uses the standby address.
Note The following options appear only on the Advanced tab of the Add Interface and Edit Interface dialog
boxes presented by PIX 7.2+ and ASA 7.2+ devices.
(Optional) To manually assign a private MAC address to the current interface:
Step 1 In the Add/Edit Interface dialog box, provide the desired MAC address in the Active MAC Address
field.
MAC addresses are provided in H.H.H format, where H is a 16-bit hexadecimal digit. For example, the
MAC address 00-0C-F1-42-4C-DE would be entered as 000C.F142.4CDE.
Note In some cases, you may have to press the Tab key after entering the Active MAC Address to
activate the Standby MAC Address field.
Step 2 If desired, provide a Standby MAC Address for use with device-level failover.
If the active unit fails over and the standby unit becomes active, the new active unit begins using the
active MAC addresses to minimize network disruption, while the old active unit uses the standby
address.
Step 3 Continue configuring the device interface in the Add/Edit Interface Dialog Box (PIX 7.0+/ASA/FWSM),
page 45-19.
Configuring Hardware Ports on an ASA 5505
The Interfaces page displayed for ASA 5505 devices presents two tabbed panels: Hardware Port s and
Interfaces. The table on the Hardware Ports panel displays currently configured switch ports for the
selected ASA 5505.
Use the Configure Hardware Ports dialog box to configure the switch ports on an ASA 5505, including
setting the mode, assigning a switch port to a VLAN, and setting the Protected option. (The following
dialog-box parameter descriptions also describe the fields in the Hardware Ports table.)
Caution The ASA 5505 does not support Spanning Tree Protocol for loop detection in the network. Therefore,
you must ensure that any connection with the appliance does not end up in a network loop.
Navigation Path
You can access the Configure Hardware Ports dialog box by clicking Add Row or Edit Row on the
Hardware Ports panel of the ASA 5505 Interfaces page. See Managing Device Interfaces, Hardware
Ports, and Bridge Groups, page 45-14 for more information.
Related Topics
Understanding ASA 5505 Ports and Interfaces, page 45-6
Add/Edit Interface Dialog Box (PIX 7.0+/ASA/FWSM), page 45-19