Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module Installation Guide
5
Step 4
Associate the secondary VLANs to the primary VLAN:
vlan 200
private-vlan association 501-503
Step 5
Classify the port mode. The mode of interface f1/0/1 is host. The mode of interface f1/0/2 is promiscuous.
interface f1/0/1
switchport mode private-vlan host
interface f1/0/2
switchport mode private-vlan promiscuous
Step 6
Assign VLAN membership to the host port. Interface f1/0/1 is a member of primary VLAN 200 and secondary isolated
VLAN 501.
VLAN 501.
interface f1/0/1
switchport private-vlan host-association 200 501
Step 7
Assign VLAN membership to the promiscuous interface. Interface f1/0/2 is a member of primary VLAN 200. Secondary
VLANs 501-503 are mapped to the primary VLAN.
VLANs 501-503 are mapped to the primary VLAN.
interface f1/0/2
switchport private-vlan mapping 200 501-503
Step 8
If inter-VLAN routing is desired, configure a primary SVI and then map the secondary VLANs to the primary.
interface vlan 200
private-vlan mapping 501-503
4
Use the MSFC as a Directly-Connected Router
If you want to use the MSFC as a directly-connected router (for example, as the default gateway connected to the ASASM
outside interface), then add an ASASM VLAN interface to the MSFC as a switched virtual interface (SVI).
outside interface), then add an ASASM VLAN interface to the MSFC as a switched virtual interface (SVI).
Procedure
Step 1
(Optional) At the switch CLI, enable multiple SVIs:
firewall multiple-vlan-interfaces
By default, you can add only one SVI; to understand the caveats for multiple SVIs, see
Step 2
Add a VLAN interface to the MSFC:
interface vlan
vlan_number
Example:
Router(config)# interface vlan 100
Step 3
Set the IP address for this interface on the MSFC:
ip address
address mask
Example:
Router(config)# ip address 192.168.1.2 255.255.255.0
Step 4
Enable the interface:
no shutdown