cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
379
Views
0
Helpful
4
Replies
cmclan2121
Beginner

Sub-interface security level ?

I have Gi0/0 configured with a sub-interface Gi0/0.251 (outside) interface. On what interface should security level be configured ?

interface GigabitEthernet0/0
description swraz-1
duplex full
no nameif
security-level 100
no ip address

interface GigabitEthernet0/0.251
description vlan251
vlan 251
nameif outside
security-level 0
ip address <subif_ip_address_lan> 255.255.255.0

1 ACCEPTED SOLUTION

Accepted Solutions

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

View solution in original post

4 REPLIES 4
Jennifer Halim
Cisco Employee

The security level should be configured per VLAN basis, so it should be configured for every sub interfaces that you configure, as security level is normally ties in to each subnet/logical interface.

Hope that helps.

Thanks for the reply. Just wanet to confirm since I read somewhere that security level must not apply to subinerface in a  redundant intf. setup.

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

View solution in original post

I ran in some other issue when configuring my red. intf. I have a post opened about it. Please be kind to have a look and let me know what you think.

Title:how to enable ISAKMP outside redundant interface ?

/cheers

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE- Guest and Posture Troubleshooting (46%)

Content for Community-Ad