Parameter Description
subinterface Assigns the subinterface number. You can specify a range of subinterfaces
such as ethernet1.0–ethernet0.100
visible (Optional) Allows context users to see the physical interface properties in
the show interface command even if a mapped name is assigned.
invisible (Default) Allows context users to only see the mapped name (if configured)
in the show interface command.
The allocate-interface command can assign multiple interfaces at once, as long as they are
the same interface type or they are all subinterfaces of the same physical interface.
Each interface or group of interfaces is assigned mapped names that must adhere to the
following guidelines:
■ The mapped name must consist of an alphabetic portion followed by a numeric portion.
The alphabetic portion must be consistent throughout an assigned range of interfaces.
■ The numeric portion of the mapped name must include the same quantity of numbers as
the subinterface range.
Example 9-2 illustrates how to assign a range of interfaces to a context. Interfaces assigned
to a context are seen as the mapped name by default when a show interface command is
executed. This restricts administrators of specific security contexts from being able to see the
physical interface names. This can be changed by adding the visible attribute to the allocateinterface
command on a context. An administrator in the admin context can always see the
physical interface named.
Allocating Interfaces to a Context
pixfw1(config)# context sciencelab1
pixfw1(config-ctx)# allocate-interface gigabitethernet0/1 int0
pixfw1(config-ctx)# allocate-interface gigabitethernet1/1.1-gigabitethernet1/1.100 int1-
int100
pixfw1(config-ctx)#
NOTE If a context is configured as a transparent firewall, the context can only be
assigned two interfaces, with the exception of the management port, which can be assigned
as the third interface.