Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
45-38
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
VPDN Group Name (required) – Choose the Virtual Private Dialup Network (VPDN) group
that contains the authentication method and user name/password to use for network connection,
negotiation and authentication. See Managing VPDN Groups, page 45-45 for more information.
IP Address – If provided, this static IP address is used for connection and authentication,
instead of a negotiated address.
Subnet Mask – The subnet mask to be used in conjunction with the provided IP Address.
PPPoE Learned Route Metric (required) – Assign an administrative distance to the learned
route. Valid values are 1 to 255; defaults to 1.
All routes have a value or “metric” that represents its priority of use. (This metric is also referred
to as “administrative distance.”) When two or more routes to the same destination are available,
devices use administrative distance to decide which route to use.
Obtain Default Route using PPPoE – Select this option to obtain a default route from the
PPPoE server; sets the default routes when the PPPoE client has not yet established a
connection. When using this option, you cannot have a statically defined route in the
configuration.
Enable Tracking for PPPoE Learned Route – If Obtain Default Route using PPPoE is
selected, you can select this option to enable route tracking for PPPoE-learned routes. The
following options become available:
Dual ISP Interface – If you are defining interfaces for dual ISP support, choose Primary or
Secondary to indicate which connection you are configuring.
Tracked SLA Monitor – Required if Enable Tracking for DHCP Learned Route is selected.
Enter or Select the name of the SLA monitor object that defines the route tracking (connectivity
monitoring) to be applied to this interface. See Monitoring Service Level Agreements (SLAs)
To Maintain Connectivity, page 50-7 for more information.
Note You can configure DHCP and PPPoE only on the outside interface of a firewall device. If you
have already configured PPPoE on the outside interface, it is no longer available as an option.
Step 2 Continue configuring the device interface in the Add/Edit Interface Dialog Box (PIX 7.0+/ASA/FWSM),
page 45-19.
Device Interface: MAC Address
By default, a physical interface uses its “burned-in” MAC address, and all subinterfaces of a physical
interface use the same burned-in MAC address.
A redundant interface uses the MAC address of the first physical interface that you add. If you change
the order of the member interfaces in the configuration, then its MAC address changes to match the MAC
address of the interface that is now listed first. If you manually assign a MAC address to the redundant
interface, that is used regardless of the physical-interface MAC addresses.
Similarly, all interfaces assigned to an EtherChannel group share the same MAC address. By default, the
EtherChannel uses the MAC address of the lowest-numbered member interface. However, you can
manually configure a MAC address for the EtherChannel to prevent traffic disruption should the
low-numbered interface be removed from the group.
You also might want to assign unique MAC addresses to subinterfaces. For example, your service
provider might control access based on MAC addresses.