User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Field Reference
Table 45-8 Configure Hardware Ports Dialog Box

Element: Enable Interface
Description: Select this option to enable this switch port. You can deselect this option to disable the port, but retain its configuration information.

Element: Isolated
Description: Select this option to prevent this port from communicating with other isolated or “protected” switch ports on the same VLAN.
You might want to prevent switch ports from communicating with each other if the devices on those ports are primarily accessed from other VLANs, if you do not need to allow intra-VLAN access, and you want to isolate the devices from each other in case of infection or other security breach. For example, if you have a DMZ that hosts three Web servers, you can isolate the Web servers from each other if you apply the Isolated option to each switch port. The inside and outside networks can both communicate with all three Web servers, and vice versa, but the Web servers cannot communicate with each other.

Element: Hardware Port
Description: Choose the switch port that you are configuring; all device ports are listed.

Element: Mode
Description: Choose a mode for this port:
• Access Port – Sets the port to access mode. Each access port can be assigned to one VLAN.
• Trunk Port – Sets the port to trunk mode using 802.1Q tagging. Trunk ports can carry multiple VLANs using 802.1Q tagging.
Trunk mode is available only with the Security Plus license. Trunk ports do not support untagged packets, there is no native VLAN support, and the appliance drops all packets that do not contain a tag.

Element: VLAN ID
Description: Enter VLAN ID(s) for this port, according to the chosen Mode:
• For Access Port mode, enter the ID of the VLAN to which this switch port is to be assigned.
• For Trunk Port mode, you can enter multiple VLAN IDs, and multiple ID ranges (such as 4-8), separated by commas.
Note: For devices running operating system 7.2(2)18 or earlier, valid VLAN IDs are 1 to 1001; with version 7.2(2)19 or later, valid IDs are 1 to 4090.

Element: Duplex
Description: Choose a duplex option for the port: Full, Half, or Auto. The Auto setting is recommended and is the default.
If you set Duplex to anything other than Auto for PoE ports Ethernet 0/6 or 0/7, then Cisco IP phones and Cisco wireless access points that do not support IEEE 802.3af will not be detected and supplied with power.
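
The VLAN ID rules in the table above can be checked before a value is entered or pushed to a device. The following is an added example, not part of the Cisco guide or of Security Manager: the function names, the mode strings "access" and "trunk", and the assumed OS version string format (such as 7.2(2)18 or 8.4(1)) are illustrative assumptions.

```python
import re

# Assumption: OS versions look like "7.2(2)18" or "8.4(1)"; a missing trailing
# build number is treated as 0.
_VERSION = re.compile(r"([0-9]+)\.([0-9]+)\(([0-9]+)\)([0-9]*)")
_ENTRY = re.compile(r"([0-9]+)(?:\s*-\s*([0-9]+))?")


def max_vlan_id(os_version):
    """Highest valid VLAN ID for the OS version, per the Note in Table 45-8."""
    m = _VERSION.fullmatch(os_version.strip())
    if not m:
        raise ValueError(f"unrecognized OS version: {os_version!r}")
    parts = tuple(int(p) if p else 0 for p in m.groups())
    return 4090 if parts >= (7, 2, 2, 19) else 1001


def parse_vlan_field(text, mode, os_version):
    """Validate a VLAN ID field value; return the sorted VLAN IDs it names.

    mode is "access" (one ID only) or "trunk" (IDs and ranges such as 4-8,
    separated by commas).
    """
    if mode not in ("access", "trunk"):
        raise ValueError(f"unknown mode: {mode!r}")
    if mode == "access" and not re.fullmatch(r"\s*[0-9]+\s*", text):
        raise ValueError("an access port takes exactly one VLAN ID")
    limit = max_vlan_id(os_version)
    vlans = set()
    for item in text.split(","):
        m = _ENTRY.fullmatch(item.strip())
        if not m:
            raise ValueError(f"malformed VLAN entry: {item.strip()!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low > high:
            raise ValueError(f"reversed range: {item.strip()!r}")
        if low < 1 or high > limit:
            raise ValueError(f"{item.strip()!r} is outside 1-{limit}")
        vlans.update(range(low, high + 1))
    return sorted(vlans)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    print(parse_vlan_field("4-8, 10", "trunk", "7.2(2)19"))
```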