Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. It might not be necessary to memorize the complete syntax of every command, but you should be able to remember the basic keywords that are needed.

To test your memory of the commands, cover the right side of Table 3-4 with a piece of paper, read the description on the left side, and then see how much of the command you can remember.

Table 3-4. Commands Related to ASA Interface Configuration and Verification


Command Syntax

List physical interfaces

ciscoasa# show version

List interfaces that have a name and security level

ciscoasa# show nameif

List ASA 5505 interfaces and VLAN mapping

ciscoasa# show switch vlan

Configure the speed, duplex mode, and state of a physical interface

ciscoasa(config)# interface hardware-id

ciscoasa(config-if)# speed {auto | 10 | 100 | 1000}

ciscoasa(config-if)# duplex {auto | full | half}

ciscoasa(config-if)# [no] shutdown

Map an ASA 5505 physical interface to a VLAN

ciscoasa(config-if)# switchport access vlan


Define a redundant interface and its member interfaces

ciscoasa(config)# interface redundant number

ciscoasa(config-int)# member-interface


ciscoasa(config-if)# [no] shutdown

Set the LACP system priority

ciscoasa(config)# lacp system-priority-priority

Configure a physical interface to become a member of an EtherChannel

ciscoasa(config)# interface type mod/num

ciscoasa(config-if)# channel-protocol lacp

ciscoasa(config-if)# channel-group number

mode {on | passive | active}

ciscoasa(config-if)# lacp port-priority


Define a physical subinterface that is mapped to a VLAN number

ciscoasa(config)# interface


ciscoasa(config-subif)# vlan vlan_id

Configure an ASA 5505 VLAN interface

ciscoasa(config)# interface vlan vlan-id

Assign an interface name

ciscoasa(config-if)# nameif if_name

Assign an IP address to an interface

ciscoasa(config-if)# ip address ip-address [subnet-mask]

Configure an interface to request an IP address from a DHCP server

ciscoasa(config-if)# ip address dhcp [setroute]

Assign a security level to an interface

ciscoasa(config-if)# security-level level

Allow traffic to pass between interfaces with the same security level, either across two interfaces or across logical in erfaces within a single physical interface, respectively

ciscoasa(config)# same-security-traffic permit inter-interface

ciscoasa(config)# same-security-traffic permit intra-interface

Set the interface MTU size

ciscoasa(config)# mtu if_name bytes

Allow jumbo Ethernet frames on an ASA 5580

ciscoasa(config-if)# jumbo-frame reservation

Display interface details

ciscoasa# show interface if_name

Display the status of a redundant interface

ciscoasa# show interface redundant number

Display interfaces and their IP addresses and status

ciscoasa# show interface ip brief

Display a summary status of an Ether-Channel and its member interfaces

ciscoasa# show port-channel summary

The FIREWALL exam focuses on practical, hands-on skills that are used by a networking professional. Therefore, you should be able to identify the commands needed to configure and test an ASA feature.

