Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
1
Replies

Cisco ASA sub-interfaces

kirkulees007
Level 1
Level 1

‎06-03-2011 08:06 AM - edited ‎03-11-2019 01:42 PM

Problem: We are getting multiple reports of slowness to our DMZ and from there out to the internet.  I want to make sure that our DMZ is configured per best practice.

Questions:

We have an ASA configured with 5 sub-interfaces on our DMZ segment.  By default the ASA will use the same MAC address for all 5 subnets.  Should we configure a different virtual MAC address for each sub-interface?  Are there any known issues with the sub-interfaces sharing the same MAC address.

Thanks,

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎06-05-2011 08:38 PM

No, there is no issue with ASA interfaces configured in sub-interfaces.

However, since it's a shared physical interface for 5 networks, I would check that the speed/duplex has been set correctly, and also if there is any errors on the interface.

Typically if the interface is overloaded because it's been shared by 5 different interfaces, slowness might be reported. So it's a good idea to check the interface counter.

I also assume that all the LAN traffic between the sub-interfaces, as well as towards the Inside and Internet from those 5 networks also traverse through the ASA, so if there are lots of those traffic, it might impact on the speed as well.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card