Configure Switch Ports as Access Ports
To assign a switch port to a single VLAN, configure it as an access port. Access ports accept only untagged traffic. By default, Ethernet1/2 through Ethernet1/8 switch ports are assigned to VLAN 1 on the Firepower 1010 and Secure Firewall 1210. On Secure Firewall 1220, by default, Ethernet1/2 through Ethernet1/10 switch ports are assigned to VLAN 1.
Note | The device does not support Spanning Tree Protocol for loop detection in the network. Therefore you must ensure that any connection with the threat defense does not end up in a network loop. |
Procedure
Step 1 | Click Edit for your threat defense device. The Interfaces page is selected by default. |
Step 2 | Click Edit for the interface you want to edit. |
Step 3 | Enable the interface by checking the Enabled check box. |
Step 4 | (Optional) Add a description in the Description field. The description can be up to 200 characters on a single line, without carriage returns. |
Step 5 | Set the Port Mode to Access. |
Step 6 | In the VLAN ID field, set the VLAN for this switch port, between 1 and 4070. The default VLAN ID is 1. |
Step 7 | (Optional) Check the Protected check box to set this switch port as protected, so you can prevent the switch port from communicating with other protected switch ports on the same VLAN. You might want to prevent switch ports from communicating with each other if: the devices on those switch ports are primarily accessed from other VLANs; you do not need to allow intra-VLAN access; and you want to isolate the devices from each other in case of infection or other security breach. For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each other if you enable Protected on each switch port. The inside and outside networks can both communicate with all three web servers, and vice versa, but the web servers cannot communicate with each other. |
Step 8 | (Optional) Set the duplex and speed by clicking Hardware Configuration. Check the Auto-negotiation check box (the default) to auto-detect the speed and duplex. If you uncheck it, you can set the speed and duplex manually: |
Step 9 | Click OK. |
Step 10 | Click Save. You can now deploy the policy to assigned devices. The changes are not active until you deploy them. |
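
The following is an added example, not Cisco code and not part of the original procedure: a pre-deployment check of a planned access-port layout against the limits in Steps 4 and 6 and the Protected behavior in Step 7. The `AccessPort` model, the function names and the sample plan are assumptions made for illustration; the check works on a locally written plan and does not talk to the device or the management center.

```python
from dataclasses import dataclass
from itertools import combinations

VLAN_MIN, VLAN_MAX = 1, 4070   # VLAN ID range from Step 6
DESC_MAX = 200                 # description length limit from Step 4

@dataclass(frozen=True)
class AccessPort:              # hypothetical model of one access port's settings
    name: str
    vlan: int = 1              # the default VLAN ID is 1
    protected: bool = False
    enabled: bool = True
    description: str = ""

def validate(port):
    """Return the problems with one port's settings (Steps 4 and 6)."""
    problems = []
    if not VLAN_MIN <= port.vlan <= VLAN_MAX:
        problems.append(f"{port.name}: VLAN ID {port.vlan} outside {VLAN_MIN}-{VLAN_MAX}")
    if len(port.description) > DESC_MAX or "\r" in port.description or "\n" in port.description:
        problems.append(f"{port.name}: description must be one line of at most {DESC_MAX} characters")
    return problems

def intra_vlan_pairs(ports):
    """Enabled port pairs that can switch traffic directly: same VLAN, not both protected."""
    live = [p for p in ports if p.enabled]
    return {frozenset((a.name, b.name)) for a, b in combinations(live, 2)
            if a.vlan == b.vlan and not (a.protected and b.protected)}

def audit(ports, must_isolate):
    """Validate every port, then flag must_isolate ports that can still reach each other."""
    findings = [msg for p in ports for msg in validate(p)]
    reachable = intra_vlan_pairs(ports)
    for a, b in combinations(sorted(must_isolate), 2):
        if frozenset((a, b)) in reachable:
            findings.append(f"{a} and {b} share a VLAN and are not both protected")
    return findings

# Constructed plan: three DMZ web servers on VLAN 100; Protected was missed on Ethernet1/4,
# and Ethernet1/5 carries an out-of-range VLAN ID.
PLAN = [
    AccessPort("Ethernet1/2", vlan=100, protected=True, description="dmz web1"),
    AccessPort("Ethernet1/3", vlan=100, protected=True, description="dmz web2"),
    AccessPort("Ethernet1/4", vlan=100, protected=False, description="dmz web3"),
    AccessPort("Ethernet1/5", vlan=4071),
]
DMZ = {"Ethernet1/2", "Ethernet1/3", "Ethernet1/4"}

if __name__ == "__main__":
    for finding in audit(PLAN, DMZ):
        print(finding)
```

Because Protected only blocks traffic between two protected ports, a single unprotected port in the group remains reachable from every other port on that VLAN, which is why the audit reports two pairs for the one missed check box.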