Cisco Systems OL-16647-01

9-7

Cisco ASDM User Guide

OL-16647-01

Chapter 9 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Configuring VLAN Interfaces

The backup interface does not pass through traffic unless the default route through the primary

interface fails. This option is useful for Easy VPN; when the backup interface becomes the primary,

the security appliance moves the VPN rules to the new primary interface.

To ensure that traffic can pass over the backup interface in case the primary fails, be sure to

configure default routes on both the primary and backup interfaces so that the backup interface can

be used when the primary fails. For example, you can configure two default routes: one for the

primary interface with a lower administrative distance, and one for the backup interface with a

higher distance. To configure dual ISP support, see the “Static Route Tracking” section on

page 11-41.

• VLAN—Shows the VLAN ID for this interface.

• Management Only—Indicates if the interface allows traffic to the security appliance or for

management purposes only.

• MTU—Displays the MTU. By default, the MTU is 1500.

• Active MAC Address—Shows the active MAC address, if you assigned one manually on the

Add/Edit Interface > Advanced tab.

• Standby MAC Address—Shows the standby MAC address (for failover), if you assigned one

manually.

• Description—Displays a description. In the case of a failover or state link, the description is fixed

as “LAN Failover Interface,” “STATE Failover Interface,” or ��LAN/STATE Failover Interface,” for

example. You cannot edit this description.

• Add—Adds an interface. If you enabled Easy VPN, you cannot add VLAN interfaces.

• Edit—Edits the selected interface. If you assign an interface as the failover link or state link (see the

Failover: Setup tab), you cannot edit the interface in this pane. If you enabled Easy VPN, you cannot

edit the security level or interface name.

• Delete—Deletes the selected interface. If you assign an interface as the failover link or state link

(see the Failover: Setup tab), you cannot delete the interface in this pane. If you enabled Easy VPN,

you cannot delete VLAN interfaces.

• Enable traffic between two or more interfaces which are configured with same security

levels—Enables communication between interfaces on the same security level. If you enable same

security interface communication, you can still configure interfaces at different security levels as

usual.

• Enable traffic between two or more hosts connected to the same interface—Enables traffic to enter

and exit the same interface.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• • •——