05-14-2008 05:29 AM - last edited on 03-25-2019 05:39 PM by ciscomoderator
Hello, I am configuring subinterfaces on my ASA 5540. The question I have is: do I have to have a security-level on the trunk interface? Here is what I am referring to:
interface GigabitEthernet0/2
speed 1000
duplex full
no nameif
security-level 0
no ip address
I know I have to have it on the subinterface; not sure about the trunk interface. Please advise!
05-14-2008 07:22 AM
You don't need it/it isn't used. With the no nameif, untagged packets are dropped and hence there is no need for a security level.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1044006
Hope that helps.
05-14-2008 09:42 AM
Thanks! This helps!!!!
05-14-2008 05:31 PM
Here is a quick example of a working subinterface/vlan config that I just applied to an ASA pair last week:
interface Ethernet0/2
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface Ethernet0/2.1
description Guest Access
vlan 7
nameif GuestAccess
security-level 10
ip address 192.168.202.1 255.255.255.0 standby 192.168.202.2
!
interface Ethernet0/2.2
description DMZ
vlan 8
nameif DMZ
security-level 50
ip address 192.168.200.1 255.255.255.0 standby 192.168.200.62
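Added example, not part of any poster's reply: a small offline check for the pattern discussed in this thread. It flags a trunk parent that carries a nameif (and so would accept untagged packets), a leftover security-level on an unnamed parent, and subinterfaces missing vlan, nameif or security-level. The sample config and function names are constructed for illustration, and the parser assumes stanzas are separated by "!" as in the configs above.

```python
import re

# Constructed sample: the parent carries a nameif, one subinterface lacks a vlan.
SAMPLE = """\
interface Ethernet0/2
 nameif outside-trunk
!
interface Ethernet0/2.1
 vlan 7
 nameif GuestAccess
 security-level 10
!
interface Ethernet0/2.2
 nameif DMZ
 security-level 50
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from ASA 'interface' stanzas."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line == "!" or not line:
            current = None          # "!" or a blank line ends the stanza
        elif current is not None:
            current.append(line)
    return stanzas

def audit_trunks(config):
    """Flag named trunk parents and subinterfaces missing required lines."""
    stanzas, findings = parse_interfaces(config), []
    for name, cmds in stanzas.items():
        if "." in name:             # subinterface, e.g. Ethernet0/2.1
            for kw in ("vlan", "nameif", "security-level"):
                if not any(c.startswith(kw + " ") for c in cmds):
                    findings.append((name, "missing " + kw))
        elif any(s.startswith(name + ".") for s in stanzas):
            # Physical interface that has subinterfaces, i.e. a trunk parent.
            if any(c.startswith("nameif ") for c in cmds):
                findings.append((name, "parent has nameif: untagged traffic accepted"))
            elif any(c.startswith("security-level ") for c in cmds):
                findings.append((name, "security-level unused without nameif"))
    return findings

if __name__ == "__main__":
    for iface, issue in audit_trunks(SAMPLE):
        print(iface, "-", issue)
```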
05-15-2008 04:20 AM
Thank you! So you had to create an access-list and NAT statement for your GuestAccess because of the security-level, correct?