Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 8: Setting Up Virtual Switches
Configuring Switched Interfaces
You can set up switched interfaces to have either physical or logical configurations. You can configure 
physical switched interfaces for handling untagged VLAN traffic. You can also create logical switched 
interfaces for handling traffic with designated VLAN tags.
In a Layer 2 deployment, the system drops any traffic received on an external physical interface that does 
not have a switched interface waiting for it. If the system receives a packet with no VLAN tag and you 
have not configured a physical switched interface for that port, it drops the packet. If the system receives 
a VLAN-tagged packet and you have not configured a logical switched interface, it also drops the packet.
The system handles traffic that has been received with VLAN tags on switched interfaces by stripping 
the outermost VLAN tag on ingress before any rules evaluation or forwarding decisions. Packets leaving 
the device through a VLAN-tagged logical switched interface are encapsulated with the associated 
VLAN tag on egress.
Note that if you change the parent physical interface to inline or passive, the system deletes all the 
associated logical interfaces.
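The ingress and egress handling described above can be modelled as follows. This is an added illustration, not Cisco code: the Port class, its fields, the helper names and the sample frames are constructed, and the model assumes VLAN tags use the 802.1Q TPID 0x8100.

```python
import struct

TPID_8021Q = 0x8100  # assumption: only the 802.1Q TPID marks a VLAN tag

class Port:
    """Hypothetical model of one physical port and its switched interfaces."""
    def __init__(self, physical_switched=False, logical_vlans=()):
        self.physical_switched = physical_switched  # handles untagged traffic
        self.logical_vlans = set(logical_vlans)     # one logical interface per VLAN tag

def ingress(port, frame):
    """Return (verdict, vlan, frame_seen_by_rules) for a frame arriving on port."""
    if len(frame) < 14:
        return ("drop", None, None)                 # shorter than an Ethernet header
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged: dropped unless a physical switched interface is configured.
        if port.physical_switched:
            return ("accept", None, frame)
        return ("drop", None, None)
    if len(frame) < 18:
        return ("drop", None, None)                 # truncated tag
    (tci,) = struct.unpack("!H", frame[14:16])
    vlan = tci & 0x0FFF                             # low 12 bits of the TCI are the VLAN id
    if vlan not in port.logical_vlans:
        return ("drop", vlan, None)                 # no logical interface for this tag
    # Strip only the outermost tag before rules evaluation; inner tags stay.
    return ("accept", vlan, frame[:12] + frame[16:])

def egress(frame, vlan):
    """Re-encapsulate a frame leaving through the logical interface for vlan."""
    if vlan is None:
        return frame                                # physical interface: untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # priority bits 0 (assumption)
    return frame[:12] + tag + frame[12:]

def tagged(vlan, inner):
    """Build a constructed sample frame by pushing a tag onto inner."""
    return egress(inner, vlan)

# Constructed sample frames: broadcast dst, locally administered src, IPv4 ethertype.
MACS = bytes.fromhex("ffffffffffff020000000001")
UNTAGGED = MACS + b"\x08\x00" + b"payload"
port = Port(physical_switched=True, logical_vlans={10})

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan 10", tagged(10, UNTAGGED)),
                    ("vlan 20", tagged(20, UNTAGGED)),
                    ("10 over 20", tagged(10, tagged(20, UNTAGGED)))]:
        print(name, ingress(port, f)[:2])
```

In the double-tagged case only the outer tag (VLAN 10) selects the logical interface, and the frame passed on for rules evaluation still carries the inner tag.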
Configuring Physical Switched Interfaces
License: Control
Supported Devices: Series 3
You can configure one or more physical ports on a managed device as switched interfaces. You must 
assign a physical switched interface to a virtual switch before it can handle traffic.
Caution
Changing the maximum transmission unit (MTU) interrupts traffic on the device and packets are 
dropped. The range within which you can set the MTU can vary depending on the FireSIGHT System 
device model and interface type. See 
 for more 
information.
To configure a physical switched interface:
Access: Admin/Network Admin
Step 1  Select Devices > Device Management.
The Device Management page appears.
Step 2  Next to the device where you want to configure the switched interface, click the edit icon.
The Interfaces tab appears.
Step 3  Next to the interface you want to configure as a switched interface, click the edit icon.
The Edit Interface pop-up window appears.
Step 4  Click Switched to display the switched interface options.
Step 5  Optionally, from the Security Zone drop-down list, select an existing security zone or select New to add a new security zone.