Step 1 Choose the
Configuration > Device Setup > Interfaces
Step 2 Choose the interface row for GigabitEthernet0/0 or 0/1, and click
. If you use failover, GigabitEthernet0/2 is reserved for the failover link. The Management0/0 interface was configured when you deployed the ASA 1000V. You can change the Management interface parameters if desired.
The Edit Interface dialog box appears with the General tab selected.
Step 3 Enter the following parameters:
a. Interface Name—Enter a name up to 48 characters in length.
b. Security Level—Do not change the security level. When you assign the security profile interfaces to the inside interface, the security level will automatically be changed to 100. For the outside interface, 0 is the appropriate level.
c. Enable Interface—If the interface is not already enabled, check the
a. IP Address—To set the IP address, use one of the following options:
Note For use with failover, you must set the IP address and standby address manually; DHCP is not supported. Set the standby IP addresses on the Configuration > Device Management > High Availability > Failover > Interfaces tab.
To set the IP address manually, click the
Use Static IP
radio button and enter the IP address and mask.
To obtain an IP address from a DHCP server, click the
Obtain Address via DHCP
– To force a MAC address to be stored inside a DHCP request packet for option 61, click the
Use MAC Address
Some ISPs expect option 61 to be the interface MAC address. If the MAC address is not included in the DHCP request packet, then an IP address will not be assigned.
– To use a generated string for option 61, click
– (Optional) To obtain the default route from the DHCP server, check
Obtain Default Route Using DHCP
– (Optional) To assign an administrative distance to the learned route, enter a value between 1 and 255 in the DHCP Learned Route Metric field. If this field is left blank, the administrative distance for the learned routes is 1.
– (Optional) To enable tracking for DHCP-learned routes, check
Enable Tracking for DHCP Learned Routes
. Set the following values:
Track ID—A unique identifier for the route tracking process. Valid values are from 1 to 500.
Track IP Address—Enter the IP address of the target being tracked. Typically, this would be the IP address of the next hop gateway for the route, but it could be any network object available off of that interface.
SLA ID—A unique identifier for the SLA monitoring process. Valid values are from 1 to 2147483647.
Monitor Options—Click this button to open the Route Monitoring Options dialog box. In the Route Monitoring Options dialog box, you can configure the parameters of the tracked object monitoring process.
– (Optional) To set the broadcast flag to 1 in the DHCP packet header when the DHCP client sends a discover requesting an IP address, check
Enable DHCP Broadcast flag for DHCP request and discover messages
The DHCP server listens to this broadcast flag and broadcasts the reply packet if the flag is set to 1.
– (Optional) To renew the lease, click
Renew DHCP Lease
b. (Optional) Description—In the Description field, enter a description for this interface. The description can be up to 240 characters on a single line, without carriage returns.
Step 4 (Optional) To set the media type, duplex, speed, and enable pause frames for flow control, click
Configure Hardware Properties
a. Media Type—RJ-45 is the default.
to accept the Hardware Properties changes.
Step 5 (Optional) To set the MTU, MAC address, and flow control, click the
a. MTU—Sets the maximum transmission unit (MTU) for normal or jumbo Ethernet packets, between 64 and 9216 bytes. The default is 1500 bytes. You cannot set this value to be higher than the vPath MTU that you set in the “Setting the vPath MTU” section. For optimal performance, set the interface MTU to a maximum of the vPath MTU minus 164 bytes (twice the size of the maximum vPath header, which is 82 bytes).
b. Mac Address Cloning—To manually assign a MAC address to this interface, enter a MAC address in the Active Mac Address field in H.H.H format, where H is a 16-bit hexadecimal digit. For example, the MAC address 00-0C-F1-42-4C-DE would be entered as 000C.F142.4CDE. The first two bytes of a manual MAC address cannot be A2 if you also want to use auto-generated MAC addresses.
If you use failover, enter the standby MAC address in the Standby Mac Address field. If the active ASA 1000V fails over and the standby ASA 1000V becomes active, the new active ASA 1000V starts using the active MAC addresses to minimize network disruption, while the old active ASA 1000V uses the standby address.
c. Pause Frame for Flow Control—If you have a traffic burst, dropped packets can occur if the burst exceeds the buffering capacity of the FIFO buffer on the NIC and the receive ring buffers. Enabling pause frames for flow control can alleviate this issue. Pause (XOFF) and XON frames are generated automatically by the NIC hardware based on the FIFO buffer usage. A pause frame is sent when the buffer usage exceeds the high-water mark. After a pause is sent, an XON frame can be sent when the buffer usage is reduced below the low-water mark. The link partner can resume traffic after receiving an XON, or after the XOFF expires, as controlled by the timer value in the pause frame. If the buffer usage is consistently above the high-water mark, pause frames are sent repeatedly, controlled by the pause refresh threshold value.
– Enable Pause Frame—To enable pause (XOFF) frames for flow control on 1-Gigabit and 10-Gigabit Ethernet interfaces, check the
Enable Pause Frame
– Use Default Values—Check the Use Default Values check box to use the deafly values for the low watermark, high watermark, and pause time.
– Low Watermark—By default, the
value is 16 KB; you can set it between 0 and 47 KB.
– High Watermark—The default
value is 24 KB; you can set it between 0 and 47 KB.
– Pause Time—The default
value is 26624; you can set it between 0 and 65535.
Note Only flow control frames defined in 802.3x are supported. Priority-based flow control is not supported.
Step 6 Click
Step 7 Click