Example 6-12 Assigning an IP Address to Management Port in Single-Context Mode
Pix(config)# ip address 10.10.10.1 255.255.255.0
Pix(config)# exit
Pix# show ip address
Management System IP Address:
ip address 10.10.10.1 255.255.255.0
Management Current IP Address:
ip address 10.10.10.1 255.255.255.0
168 Chapter 6: Getting Started with the Cisco Security Appliance Family of Firewalls
Traffic Management in Transparent Mode
Now that you have transparent mode enabled on the Security Appliance, you must allow
more than just ARP traffic through the firewall. An extended access list must be configured
for each traffic type you wish to allow through the firewall. For non-IP traffic, you must
configure EtherType access lists. Both types of access lists, once configured, must be assigned
to one of the two interfaces, or both, to be enabled. The syntax for extended access lists is
the same as that used in nontransparent mode, and detailed configuration of these access
lists can be found in Chapter 7, “Configuring Access.”

EtherType access lists are used when non-IP traffic is required to pass through the firewall.
They are connectionless and must be applied to both interfaces to operate correctly. To create
an EtherType access list, use the ethertype attribute with the access-list command:
access-list id ethertype {deny | permit} {ipx | bpdu | mpls-unicast | mpls-multicast | any | hex_number}
Table 6-16 describes the parameters for the access-list ethertype command.
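The following added example (not from the book) audits a saved configuration for the requirement above that EtherType access lists be applied to both interfaces. The ACL names, the interface names inside and outside, and the access-group bindings in the sample are constructed assumptions.

```python
import re

# Constructed sample configuration (not from the book). ACL names, interface
# names and the access-group bindings are assumptions made for this example.
SAMPLE_CONFIG = """\
access-list ETHER ethertype permit bpdu
access-list ETHER ethertype permit ipx
access-list LEGACY ethertype permit mpls-unicast
access-list WEB extended permit tcp any host 10.10.10.5 eq www
access-group ETHER in interface inside
access-group ETHER in interface outside
access-group LEGACY in interface inside
access-group WEB in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+ethertype\s+(deny|permit)\s+(\S+)", re.I)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", re.I)


def audit_ethertype_acls(config, interfaces=("inside", "outside")):
    """Return {acl_name: [interfaces the EtherType ACL is NOT bound to]}."""
    ethertype_acls = set()   # names of ACLs that contain ethertype entries
    bound = {}               # acl name -> set of interfaces it is applied to
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            ethertype_acls.add(m.group(1))
            continue
        m = GROUP_RE.match(line)
        if m:
            bound.setdefault(m.group(1), set()).add(m.group(3))
    findings = {}
    for name in sorted(ethertype_acls):
        # Extended ACLs are ignored; only EtherType ACLs need both interfaces.
        missing = sorted(set(interfaces) - bound.get(name, set()))
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for acl, missing in audit_ethertype_acls(SAMPLE_CONFIG).items():
        print(f"EtherType ACL {acl} is not applied to: {', '.join(missing)}")
```

In the sample, LEGACY is bound only to the inside interface, so it is reported; WEB is an extended access list and is not checked.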
Example 6-13 Assigning an IP Address to Management Ports in Multiple-Context Mode
Pix/admin(config)# ip address 10.10.10.1 255.255.255.0
Pix/admin(config)# changeto context1
Pix/context1(config)# ip address 10.10.11.1 255.255.255.0
Pix/context1(config)# changeto context2
Pix/context2(config)# ip address 10.10.12.1 255.255.255.0