Wednesday, December 21, 2011

How to Create a Subinterface on a Cisco ASA

If you need to create a subinterface on an ASA, you will need the following information:

1. Identify which interface on the firewall is going to be used.
2. Identify which subinterface ID is going to be used. Valid IDs are 1 through 4294967293.
3. Identify which VLAN ID is going to be used. I would recommend using the same VLAN ID as the subinterface ID; however, the only IDs supported for VLANs are 1 through 4094.
4. (Optional) Identify a nameif for the interface.
4a. If required, identify a security level.
4b. If required, identify the IP address and mask.

Here is an example of creating subinterface ID 990 with VLAN 990. It is also a named interface, so an access list can be bound to the interface:

ASA(config)# interface GigabitEthernet0/1.990
ASA(config-subif)# description Subinterface Vlan 990
ASA(config-subif)# vlan 990
ASA(config-subif)# nameif VLAN990
INFO: Security level for "VLAN990" set to 0 by default.
ASA(config-subif)# security-level 50
ASA(config-subif)# ip address <ip_address> <mask> standby <standby_ip_address>
ASA(config-subif)# no shutdown
ASA(config-subif)# exit
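
An added example, not part of the original post: a Python check that audits a candidate block of subinterface commands against the ID ranges listed above and flags a nameif left at the default security level of 0. It assumes raw commands without the CLI prompt and sub-commands indented by one space; the sample input and the function names are constructed for illustration.

```python
import re

MAX_SUBIF_ID = 4294967293  # upper limit for subinterface IDs, from the post
MAX_VLAN_ID = 4094         # upper limit for VLAN IDs, from the post
# Constructed sample: candidate commands, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet0/1.990
 vlan 990
 nameif VLAN990
 security-level 50
interface GigabitEthernet0/1.991
 vlan 4095
 nameif VLAN991
interface GigabitEthernet0/1.992
 nameif VLAN992
 security-level 50
"""
HEADER = re.compile(r"^interface\s+(\S+\.(\d+))\s*$")

def parse_subinterfaces(text):
    """Return {subinterface name: {"id": int, keyword: argument, ...}}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), {"id": int(m.group(2))})
        elif not line.startswith(" "):
            current = None  # physical interface, "!" separator or blank line
        elif current is not None:
            keyword, _, arg = line.strip().partition(" ")
            current[keyword] = arg.strip()
    return stanzas

def audit(text):
    """Return a list of (subinterface, finding) tuples in input order."""
    findings = []
    for name, s in parse_subinterfaces(text).items():
        if not 1 <= s["id"] <= MAX_SUBIF_ID:
            findings.append((name, "subinterface ID out of range"))
        vlan = s.get("vlan")
        if vlan is None:
            findings.append((name, "no vlan command"))
        elif not vlan.isdigit() or not 1 <= int(vlan) <= MAX_VLAN_ID:
            findings.append((name, "VLAN ID out of range"))
        elif int(vlan) != s["id"]:
            findings.append((name, "VLAN ID differs from subinterface ID"))
        if "nameif" in s and "security-level" not in s:
            findings.append((name, "nameif without security-level (defaults to 0)"))
    return findings
```

Calling `audit(SAMPLE)` reports the out-of-range VLAN and the defaulted security level on `.991` and the missing `vlan` command on `.992`; the "differs" finding reflects the post's recommendation, not a device restriction.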

