Enable Interface
|
When selected, enables the interface.
When deselected, disables the interface using the shutdown command.
|
Type
|
Specifies whether the definitions apply to an interface or a subinterface.
For details about defining a subinterface, see Create and Edit Interface Dialog Boxes—Subinterfaces.
|
Name (Select button)
|
Displays the generated interface name, if the name has been set.
Click Select to open the Interface Auto Name Generator Dialog Box. From here, you can enter or edit the details that Security Manager uses to generate an interface name.
|
Mode
|
The port configuration type for this interface.
Select Trunk Port to display the configuration options that are relevant for trunk ports.
|
Trunk Port settings
|
Encapsulation
|
Select one of the following:
- DOT1Q—Specifies VLAN encapsulation on the trunk link, as defined by the IEEE 802.1Q standard. Applies only to Ethernet subinterfaces.
- ISL—Specifies ISL encapsulation on the trunk link. 10-Gigabit Ethernet ports do not support ISL encapsulation.
Tip: To configure DOT1Q encapsulation on an Ethernet interface without associating the VLAN with a subinterface, enter the vlan-id dot1q command using CLI commands or FlexConfigs. Configuring VLANs on the main interface increases the number of VLANs that can be configured on the router.
|
Native VLAN (Select button)
|
Enables you to select the Native VLAN to associate with this interface, using the ID specified in the VLAN ID field. (If no VLAN ID is specified for the Native VLAN, the default is 1.) This option applies only if you are configuring a physical interface that is meant to serve as an 802.1Q trunk interface.
You must first specify DOT1Q as the encapsulation type.
The Native VLAN of a trunk interface is the VLAN to which all untagged VLAN packets are logically assigned. This includes the management traffic associated with the VLAN.
When deselected, the Native VLAN is not associated with this interface.
Note: The Native VLAN cannot be configured on a subinterface of the trunk interface. Be sure to configure the same Native VLAN value at both ends of the link; otherwise, traffic may be lost or sent to the wrong VLAN.
Click Select to open the VLAN Selector Dialog Box. From here, you can associate a native VLAN with the described interface.
|
Enable DTP negotiation
|
When selected, enables Dynamic Trunking Protocol (DTP) negotiation. DTP manages trunk auto-negotiation (ISL and 802.1Q) between devices.
When deselected, disables DTP negotiation.
|
Allowed VLANs (Select button)
|
Enables you to specify which VLANs are allowed on the trunk. Enter the VLAN IDs. Use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs (for example, 12,17,22 or 2-200). Valid IDs range from 1 to 4094.
Or, click Select to open the VLAN Selector Dialog Box. From here, you can select the VLANs to include on the trunk.
|
Prune VLANs (Select button)
|
Enables you to specify which VLANs are eligible for pruning. Enter the VLAN IDs. Use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs (for example, 12,17,22 or 2-200).
Or, click Select to open the VLAN Selector Dialog Box. From here, you can select the VLANs that are eligible for pruning.
|
Enable VACL Capture
|
When selected, enables VACL capture. If the capture bit is set, ports with the capture function enabled can receive forwarded packets.
When deselected, disables VACL capture.
|
Capture VLANs (Select button)
|
Enables you to identify the VLANs where VACLs should receive forwarded VLAN packets. This option is available if you selected the Enable VACL Capture check box.
Enter a comma-separated list of VLAN IDs, or click Select to open the VLAN Selector Dialog Box.
VACLs can capture VLAN packets only when they are initially routed or bridged into the VLAN. Only forwarded packets can be captured.
|
Enable Port Security
|
Applies only to devices running IOS Software Version 12.2(18)SXE2 or later.
When selected, enables you to restrict input to an interface by limiting the MAC addresses that are allowed to access the port.
When deselected, disables port security.
Note: If you select this option, the Enable DTP Negotiation option is automatically deselected.
|
Max. MAC Addresses
|
Applies only when Enable Port Security is selected.
The maximum number of secure MAC addresses for the interface. Valid values range from 1 to 4097.
Note: Secure MAC addresses are configured dynamically using the MAC addresses of connected devices.
|
Violation Policy
|
The action to take if a security violation occurs:
- Port Security Protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses and the count drops below the maximum value.
- Port Security Restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses and the count drops below the maximum value. In addition, it causes the SecurityViolation counter to increment.
- Port Security Shutdown—Immediately puts the interface into the error-disabled state and sends an SNMP trap notification.
A security violation occurs if a workstation whose MAC address is not in the address table attempts to access the interface after the maximum number of secure MAC addresses is configured.
|
Common interface settings
|
Speed
|
The speed of the physical interface:
- 10—Transmits at 10 Mbps.
- 100—Transmits at 100 Mbps.
- 1000—Transmits at 1,000 Mbps.
- 10000—Transmits at 10,000 Mbps.
- Auto—If Speed is set to Auto, both Speed and Duplex are autonegotiated.
- Non-Negotiate—Disables link negotiation.
|
Duplex
|
The duplex setting of the interface:
- Auto—Autonegotiates the duplex.
- Half—Sends and receives data, but not at the same time.
- Full—Sends and receives data at the same time.
If the speed is set to Auto, the duplex setting must also be set to Auto.
|
MTU
|
The maximum transmission unit, which refers to the largest packet size (in bytes) that can be handled by the interface. The range of valid values depends on the interface type.
|
Description
|
A text description of the interface. Enter up to 240 characters on a single line, without using carriage returns.
Note: For multiple context mode, the system description is independent of the context description.
|
Flow Control Receive
|
The flow control setting for incoming frames:
- Off—The port does not use flow control, regardless of whether the neighboring port requests flow control.
- On—The port uses flow control, as dictated by the neighboring port.
- Desired—The port allows, but does not require, flow control frames.
Flow control frames (also called pause frames) are special packets that signal a source to stop sending frames for a defined interval when buffers are full.
|
Flow Control Send
|
The flow control setting for outgoing frames:
- Off—The port does not send flow control frames to the neighboring port.
- On—The port sends flow control frames to the neighboring port.
- Desired—The port allows, but does not require, flow control frames.
|
Roles
|
Lists the interface roles associated with the interface. Interface roles are objects that are replaced with the actual interface IP addresses when the configuration is generated for each device. They allow you to define generic rules—ones that can apply to multiple interfaces. See Understanding Interface Role Objects.
|
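Several fields in this table constrain one another (VLAN list syntax and the 1 to 4094 range, DOT1Q for the Native VLAN, matching Native VLANs at both ends of the link, port security versus DTP negotiation, the 1 to 4097 MAC limit, Speed and Duplex Auto), and these rules can be checked on planned settings before deployment. The Python below is an added example, not part of Security Manager; the dictionary keys and the two sample ports are assumptions modelled on the dialog labels.

```python
# Added example (not Security Manager code); dict keys and samples are assumed.
VLAN_MIN, VLAN_MAX = 1, 4094  # valid VLAN ID range from the field table

def parse_vlan_list(text):
    """Expand '12,17,22' or '2-200' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, sep, hi = part.strip().partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"malformed VLAN entry: {part!r}")
        first, last = int(lo), int(hi) if sep else int(lo)
        if not VLAN_MIN <= first <= last <= VLAN_MAX:
            raise ValueError(f"invalid or outside 1-4094: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans

def check_end(end):
    """Findings for one trunk port, using only rules the table states."""
    out, name = [], end["name"]
    if "native_vlan" in end and end["encapsulation"] != "DOT1Q":
        out.append(f"{name}: Native VLAN needs DOT1Q encapsulation")
    if end.get("port_security"):
        if end.get("dtp_negotiation"):
            out.append(f"{name}: port security and DTP negotiation both on")
        if not 1 <= end["max_mac"] <= 4097:
            out.append(f"{name}: Max. MAC Addresses outside 1-4097")
    if end.get("capture_vlans") and not end.get("vacl_capture"):
        out.append(f"{name}: Capture VLANs set without VACL capture")
    if end.get("speed") == "Auto" and end.get("duplex") != "Auto":
        out.append(f"{name}: Speed Auto requires Duplex Auto")
    try:
        parse_vlan_list(end["allowed_vlans"])
    except ValueError as exc:
        out.append(f"{name}: Allowed VLANs {exc}")
    return out

def check_link(a, b):
    """Both ends, plus the Native VLAN match required across the link."""
    out = check_end(a) + check_end(b)
    nat_a, nat_b = a.get("native_vlan", 1), b.get("native_vlan", 1)  # default 1
    if nat_a != nat_b:
        out.append(f"native VLAN mismatch: {nat_a} vs {nat_b}")
    return out

SIDE_A = {"name": "sw1 Gi1/1", "encapsulation": "DOT1Q", "native_vlan": 99,
          "allowed_vlans": "12,17,22,99", "port_security": True,
          "dtp_negotiation": True, "max_mac": 10, "speed": "Auto", "duplex": "Auto"}
SIDE_B = {"name": "sw2 Gi1/1", "encapsulation": "DOT1Q",
          "allowed_vlans": "2-200,4095", "speed": "Auto", "duplex": "Full"}
print("\n".join(check_link(SIDE_A, SIDE_B)))
```

The sample pair yields four findings; the Native VLAN mismatch is the one the Note in the table warns can send traffic to the wrong VLAN.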