Add a Subinterface

Add one or more subinterfaces to a physical, redundant, or port-channel interface.

For the Firepower 4100/9300, you can configure subinterfaces in FXOS for use with container instances; see Add a VLAN Subinterface for Container Instances. These subinterfaces appear in the Cloud-Delivered Firewall Management Center interface list. You can also add subinterfaces in Cloud-Delivered Firewall Management Center, but only on parent interfaces that do not already have subinterfaces defined in FXOS.

Note

The parent physical interface passes untagged packets. You may not want to pass untagged packets, so be sure not to include the parent interface in your security policy.

Procedure

Step 1

Select Devices > Device Management and click Edit (edit icon) for your Firewall Threat Defense device. The Interfaces page is selected by default.

Step 2

Enable the parent interface according to Enable the Physical Interface and Configure Ethernet Settings.

Step 3

Click Add Interfaces > Sub Interface.

Step 4

On General, set the following parameters:

Add Subinterface
Add Subinterface

  1. Interface—Choose the physical, redundant, or port-channel interface to which you want to add the subinterface.

  2. Sub-Interface ID—Enter the subinterface ID as an integer between 1 and 4294967295. The number of subinterfaces allowed depends on your platform. You cannot change the ID after you set it.

  3. VLAN ID—Enter the VLAN ID between 1 and 4094 that will be used to tag the packets on this subinterface.

    This VLAN ID must be unique.

Step 5

Click OK.

Step 6

Click Save.

You can now go to Deploy > Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.

Step 7

Configure the routed or transparent mode interface parameters. See Configure Routed Mode Interfaces or Configure Bridge Group Interfaces.