Manualshelf

Specifications

ManualsBrandsCisco ManualsHome building and DecorPIX 525
51525354555657585960
4-2
Cisco Security Appliance Command Line Configuration Guide
OL-6721-01
Chapter 4 Configuring Ethernet Settings and Subinterfaces
Configuring Subinterfaces
The auto setting is the default for copper interfaces. For fiber Gigabit Ethernet interfaces, the default is
no speed nonegotiate, which sets the speed to 1000 Mbps and enables link negotiation for flow-control
parameters and remote fault information. The speed nonegotiate command disables link negotiation.
These two commands are the only available options for fiber interfaces.
Step 3 To set the duplex for copper interfaces, enter the following command:
hostname(config-if)# duplex {auto | full | half}
The auto setting is the default. You do not set the duplex for fiber interfaces.
Step 4 To enable the interface, enter the following command:
hostname(config-if)# no shutdown
To disable the interface, enter the shutdown command. If you enter the shutdown command for a
physical interface, you also shut down all subinterfaces. If you shut down an interface in the system
execution space, then that interface is shut down in all contexts that share it.
Configuring Subinterfaces
Subinterfaces let you divide a physical interface into multiple logical interfaces that are tagged with
different VLAN IDs. Because VLANs allow you to keep traffic separate on a given physical interface,
you can increase the number of interfaces available to your network without adding additional physical
interfaces or security appliances. This feature is particularly useful in multiple context mode so you can
assign unique interfaces to each context.
To determine how many subinterfaces are allowed for your platform, see Appendix A, “Feature Licenses
and Specifications.”
You need to enable the physical interface with the no shutdown command to let subinterfaces be
enabled. If you enable subinterfaces, you typically do not also want the physical interface to pass traffic,
because the physical interface passes untagged packets. Therefore, you cannot prevent traffic from
passing through the physical interface by bringing down the interface. Instead, ensure that the physical
interface does not pass traffic by leaving out the nameif command. If you want to let the physical
interface pass untagged packets, you can configure the nameif command as usual.