The FTD 1010 device supports switch ports. At this time, it is the only FTD device to support this feature. Switch mode support is read-only. You cannot create or modify an interface configured for switch port mode from the CDO UI at this time. To create or modify an interface for switch port mode, use the FDM console. See Configure VLAN Interfaces and Switch Ports for more information.
Switch ports forward traffic at Layer 2, using the switching function in hardware. Switch ports on the same VLAN can communicate with each other using hardware switching, and traffic is not subject to the FTD security policy. Access ports accept only untagged traffic, and you can assign them to a single VLAN. Trunk ports accept untagged and tagged traffic, and can belong to more than one VLAN.
From the FDM console, a switch port can be assigned as either an access port or a trunk port. Access ports accept only untagged traffic, and you can assign them to a single VLAN, whereas trunk ports accept untagged and tagged traffic, and can belong to more than one VLAN. You cannot configure the Management interface as a switch port. See Configure Switch Ports as Access Ports and Configure Switch Ports as Trunk Ports respectively for more information.
Note the following limitations:
- We strongly recommend not configuring an interface for switch port mode if your device is in an HA pair. If your device is configured for HA, use a physical firewall interface.
- You cannot configure the Management interface as a parent interface.
- You cannot use any member of the bridge group interface as a a switch port.
- Switch port mode does not support dynamic or multicast routing
- Switch port mode does not support passive interfaces.
- Switch port mode does not support etherchannels, or using an interface that is a member of an etherchannel.
- Switch port mode does not support virtual FTD devices.
- Only physical FTD 1010 devices support switchport mode configuration.
- Switchport mode does not support subinterfaces.