Filter
Top Products
45-28
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Roles All interface roles assigned to this interface are listed in this field. Role
assignments are based on pattern matching between the Name given to this
interface and all currently defined Interface Role objects in Cisco Security
Manager.
Interface role objects are replaced with the actual interface IP addresses
when the configuration is generated for each device. They allow you to
define generic rules—ones that can apply to multiple interfaces.
For more information on roles and how to define and use them, see
Understanding Interface Role Objects, page 6-67.
EtherChannel Interface options; available on ASA 8.4.1+ devices only.
Load Balancing When EtherChannel is the chosen interface Type (on the General panel),
choose a load-balancing method for the channel links. See About
EtherChannel Load Balancing, page 45-12, for more information about this
option.
LACP Mode Select the desired LACP Mode; the default is Active, which means up to
eight interfaces are active, while up to eight are in stand-by mode, as
determined by the Minimum and Maximum values under Active Physical
Interfaces.
If you select On, a static port-channel is created in which all member
interfaces are all “on,” meaning you can have up to 16 ports passing traffic,
with no stand-by ports. When you select this option, the Mode for all
interfaces assigned to this EtherChannel group is switched to On (if the
Mode for each is not already On). See Editing LACP Parameters for an
Interface Assigned to an EtherChannel, page 45-11, for more information
about this mode.
Active Physical
Interfaces
When EtherChannel is the chosen interface Type (on the General panel),
specify the minimum and maximum number of interfaces that can be active
for this EtherChannel group:
• Minimum – Specify the minimum number of interfaces that can be
active for this group; enter a value from 1 to 8. Interfaces available to the
channel are selected on the General tab of this dialog box (Add/Edit
Interface Dialog Box: General Tab (PIX 7.0+/ASA/FWSM),
page 45-20).
• Maximum – Specify the maximum number of interfaces that can be
active; enter a value from 1 to 8. Interfaces available to the channel are
selected on the General tab of this dialog box.
Specifying 3, 5, 6, or 7 active ports in an EtherChannel bundle provides poor
load balancing, because some ports get up to twice the load of others. We
recommend specifying 2, 4, or 8 active ports per EtherChannel to achieve
effective load balancing. (A value of 1 provides no load balancing at all.)
ASA Cluster (Layer 3); available on ASA 5580 and 5585 devices in cluster mode only.
Supported by all interfaces when ASA cluster is in Router mode and supported by management
interface when ASA cluster is in Transparent mode.
Table 45-4 Advanced tab: Add/Edit Interface Dialog Box (ASA/PIX 7.0+) (Continued)
Element Description