Configure Switch Ports as Access Ports

To assign a switch port to a single VLAN, configure it as an access port. Access ports accept only untagged traffic. By default, Ethernet1/2 through Ethernet1/8 switch ports are assigned to VLAN 1 on the Firepower 1010 and Secure Firewall 1210. On Secure Firewall 1220, by default, Ethernet1/2 through Ethernet1/10 switch ports are assigned to VLAN 1.

Note

The device does not support Spanning Tree Protocol for loop detection in the network. Therefore, you must ensure that no connection to the threat defense creates a network loop.

Procedure


Step 1

Select Devices > Device Management and click Edit (edit icon) for your threat defense device. The Interfaces page is selected by default.

Step 2

Click Edit (edit icon) for the interface you want to edit.

Edit Physical Interface

Step 3

Enable the interface by checking the Enabled check box.

Step 4

(Optional) Add a description in the Description field.

The description can be up to 200 characters on a single line, without carriage returns.

Step 5

Set the Port Mode to Access.

Step 6

In the VLAN ID field, set the VLAN for this switch port, between 1 and 4070.

The default VLAN ID is 1.

Step 7

(Optional) Check the Protected check box to set this switch port as protected, so you can prevent the switch port from communicating with other protected switch ports on the same VLAN.

You might want to prevent switch ports from communicating with each other if: the devices on those switch ports are primarily accessed from other VLANs; you do not need to allow intra-VLAN access; and you want to isolate the devices from each other in case of infection or other security breach. For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each other if you enable Protected on each switch port. The inside and outside networks can both communicate with all three web servers, and vice versa, but the web servers cannot communicate with each other.

Step 8

(Optional) Set the duplex and speed by clicking Hardware Configuration.

Hardware Configuration

Check the Auto-negotiation check box (the default) to auto-detect the speed and duplex. If you uncheck it, you can set the speed and duplex manually:

  • Duplex—Choose Full or Half.

  • Speed—Choose 10mbps, 100mbps, or 1gbps.

Step 9

Click OK.

Step 10

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.
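Before deploying, a planned set of access ports can be checked offline against the limits in Steps 4 and 6 and against the isolation goal described in Step 7. The following Python sketch is an added example, not Cisco code and not a management center API: the AccessPort model, the function names, and the sample plan are assumptions made for illustration. It also assumes, from the wording of Step 7, that a protected port is blocked only from other protected ports on the same VLAN, so an unprotected port on that VLAN can still reach it directly.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class AccessPort:  # hypothetical model of one planned access port
    name: str
    vlan_id: int = 1          # Step 6: the default VLAN ID is 1
    protected: bool = False   # Step 7: the Protected check box
    description: str = ""

def validate(port):
    """Return violations of the limits stated in Steps 4 and 6."""
    problems = []
    if not 1 <= port.vlan_id <= 4070:
        problems.append(f"{port.name}: VLAN ID {port.vlan_id} is outside 1-4070")
    if len(port.description) > 200:
        problems.append(f"{port.name}: description exceeds 200 characters")
    if "\r" in port.description or "\n" in port.description:
        problems.append(f"{port.name}: description must be a single line")
    return problems

def can_switch_directly(a, b):
    """Two access ports switch directly if they share a VLAN and are not both Protected."""
    return a.vlan_id == b.vlan_id and not (a.protected and b.protected)

def isolation_gaps(ports):
    """Port pairs that can still switch directly inside a VLAN where Protected is in use."""
    isolated_vlans = {p.vlan_id for p in ports if p.protected}
    return sorted(
        (a.name, b.name)
        for a, b in combinations(ports, 2)
        if a.vlan_id in isolated_vlans and can_switch_directly(a, b)
    )

# Constructed sample plan: a three-server DMZ where one port was left unprotected.
PLAN = [
    AccessPort("Ethernet1/2", 100, True, "dmz web1"),
    AccessPort("Ethernet1/3", 100, True, "dmz web2"),
    AccessPort("Ethernet1/4", 100, False, "dmz web3"),
    AccessPort("Ethernet1/5", 1, False, "inside workstation"),
]

if __name__ == "__main__":
    for port in PLAN:
        for problem in validate(port):
            print("INVALID:", problem)
    for a, b in isolation_gaps(PLAN):
        print(f"GAP: {a} and {b} can still communicate within their VLAN")
```

In the sample plan, Ethernet1/4 is reported as a gap against both protected DMZ ports; checking Protected on it as well clears the report.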