There are literally thousands of commands and sub-commands available to configure a Cisco security appliance. As you gain knowledge of the appliance, you will use more and more of the commands. Initially, however, there are just a few commands required to configure basic functionality on the appliance. Basic functionality is defined as allowing inside hosts to access outside hosts, but not allowing outside hosts to access the inside hosts. Additionally, management must be allowed from at least one inside host. Here are eight basic commands:
**interface** The interface command identifies either the hardware interface or the VLAN interface that will be configured. Once in interface configuration mode, you can assign physical interfaces to switchports and enable them (turn them on) or you can assign names and security levels to VLAN interfaces.
**nameif** The nameif command gives the interface a name and assigns a security level. Typical names are outside, inside, or DMZ.
**security-level** Security levels are used by the appliance to control traffic flow. Traffic is permitted to flow from interfaces with higher security levels to interfaces with lower security levels, but not the other way. Access-lists must be used to permit traffic to flow from lower security levels to higher security levels. Security levels range from 0 to 100. The default security level for an outside interface is 0. For an inside interface, the default security level is 100.
In the following sample configuration, the interface command is first used to enter configuration mode for the inside and outside VLAN interfaces, which nameif then names (they receive the default security levels of 100 and 0); then the DMZ interface is named and a security level of 50 is assigned to it.
```
ciscoasa(config)# interface vlan1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# interface vlan2
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# interface vlan3
ciscoasa(config-if)# nameif dmz
ciscoasa(config-if)# security-level 50
```
**ip address** The ip address command assigns an IP address to a VLAN interface either statically or by making it a DHCP client. With modern versions of security appliance software, it is not necessary to explicitly configure default subnet masks. If you are using non-standard masks, you must explicitly configure the mask, but otherwise, it's not necessary.
In the following sample configuration, an IP address is assigned to VLAN 1, the inside interface.
```
ciscoasa(config-if)# interface vlan 1
ciscoasa(config-if)# ip address 192.168.1.1
```
**switchport access** The switchport access command on the ASA 5505 security appliance assigns a physical interface to a logical (VLAN) interface. In the next example, the interface command is used to identify physical interfaces, assign them to switchports on the appliance, and enable them (turn them on) through the use of the "no shutdown" statement.
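As an added example, not the page's own configuration, the session below puts the commands discussed above (interface, nameif, security-level, ip address, switchport access) together into one basic three-interface layout and adds the access-list that the security-level discussion says is required for traffic from a lower to a higher security level. The addresses, the web server at 10.0.50.10, the port-to-VLAN mapping and the access-list name OUTSIDE_IN are constructed assumptions for the example.

```text
! Added example (not from the page). Assumed layout on an ASA 5505:
!   Ethernet0/0 -> vlan2 (outside, address from DHCP)
!   Ethernet0/1 -> vlan1 (inside, 192.168.1.0/24)
!   Ethernet0/2 -> vlan3 (dmz, 10.0.50.0/24, web server 10.0.50.10)
ciscoasa(config)# interface vlan1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa(config-if)# interface vlan2
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# ip address dhcp setroute
ciscoasa(config-if)# interface vlan3
ciscoasa(config-if)# nameif dmz
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip address 10.0.50.1 255.255.255.0
! Bind the physical switchports to the VLAN interfaces and enable them
ciscoasa(config-if)# interface ethernet0/0
ciscoasa(config-if)# switchport access vlan 2
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface ethernet0/1
ciscoasa(config-if)# switchport access vlan 1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface ethernet0/2
ciscoasa(config-if)# switchport access vlan 3
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit
! With no access-list applied, inside (100) may reach dmz (50) and outside (0),
! and dmz may reach outside, but nothing initiated from outside reaches dmz or
! inside. Permit only HTTP from outside to the DMZ web server, inbound on outside.
ciscoasa(config)# access-list OUTSIDE_IN extended permit tcp any host 10.0.50.10 eq www
ciscoasa(config)# access-group OUTSIDE_IN in interface outside
```

The access-list is deliberately narrow: it names one destination host and one port, and it is applied only in the inbound direction on the outside interface, so the default higher-to-lower behaviour for the inside and dmz interfaces is unchanged. Traffic between two interfaces that share the same security level is also blocked by default and needs the separate same-security-traffic permit inter-interface command, which is outside the scope of the basic commands here.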