Solved: Re: Sub-interface security level ?

cmclan2121 · ‎07-21-2010

I have Gi0/0 configured with a sub-interface Gi0/0.251 (outside) interface. On what interface should security level be configured ?

interface GigabitEthernet0/0
description swraz-1
duplex full
no nameif
security-level 100
no ip address

interface GigabitEthernet0/0.251
description vlan251
vlan 251
nameif outside
security-level 0
ip address <subif_ip_address_lan> 255.255.255.0

Jennifer Halim · ‎07-21-2010

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

View solution in original post

Jennifer Halim · ‎07-21-2010

The security level should be configured per VLAN basis, so it should be configured for every sub interfaces that you configure, as security level is normally ties in to each subnet/logical interface.

Hope that helps.

cmclan2121 · ‎07-21-2010

Thanks for the reply. Just wanet to confirm since I read somewhere that security level must not apply to subinerface in a redundant intf. setup.

Jennifer Halim · ‎07-21-2010

You are right. With the redundant interface, you would need to apply the security level on the redundant interface itself.

cmclan2121 · ‎07-21-2010

I ran in some other issue when configuring my red. intf. I have a post opened about it. Please be kind to have a look and let me know what you think.

Title:how to enable ISAKMP outside redundant interface ?

/cheers