Cisco Systems OL-16647-01

9-13

Cisco ASDM User Guide

OL-16647-01

Chapter 9 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Configuring Switch Ports

Interfaces > Interfaces tab and specify the switch port in the Add/Edit Interface > General tab

rather than specifying it in this dialog box; in either case, you need to add the VLAN on the

Interfaces > Interfaces tab and assign the switch port to it.

• Isolated—This option prevents the switch port from communicating with other protected switch

ports on the same VLAN. You might want to prevent switch ports from communicating with each

other if the devices on those switch ports are primarily accessed from other VLANs, you do not need

to allow intra-VLAN access, and you want to isolate the devices from each other in case of infection

or other security breach. For example, if you have a DMZ that hosts three web servers, you can

isolate the web servers from each other if you apply the Protected option to each switch port. The

inside and outside networks can both communicate with all three web servers, and vice versa, but

the web servers cannot communicate with each other.

–

Isolated—Sets this switch port as a protected port.

• Duplex—Lists the duplex options for the interface, including Full, Half, or Auto. The Auto setting

is the default. If you set the duplex to anything other than Auto on PoE ports Ethernet 0/6 or 0/7,

then Cisco IP phones and Cisco wireless access points that do not support IEEE 802.3af will not be

detected and supplied with power.

• Speed—The Auto setting is the default. If you set the speed to anything other than Auto on PoE ports

Ethernet 0/6 or 0/7, then Cisco IP phones and Cisco wireless access points that do not support IEEE

802.3af will not be detected and supplied with power. The default Auto setting also includes the

Auto-MDI/MDIX feature. Auto-MDI/MDIX eliminates the need for crossover cabling by

performing an internal crossover when a straight cable is detected during the auto-negotiation phase.

Either the speed or duplex must be set to Auto to enable Auto-MDI/MDIX for the interface. If you

explicitly set both the speed and duplex to a fixed value, thus disabling auto-negotiation for both

settings, then Auto-MDI/MDIX is also disabled.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• • •——