Description of Layer2 switching between networks, with and without VLANs.
Where Can I Use This?
What Do I Need?
NGFW (Managed by PAN-OS or Panorama)
In a Layer 2 deployment, the firewall provides switching between two or more networks. Devices are connected to a Layer 2 segment, and the firewall forwards each frame to the port associated with the destination MAC address carried in the frame. Configure a Layer 2 Interface when switching is required.
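To make the forwarding behavior above concrete, here is a small learning-switch simulation. It is an added example, not PAN-OS code or anything from the documentation: the port names only mirror PAN-OS naming style, the topology, VLAN numbers and MAC addresses are constructed, and the `Layer2Switch` class and its `forward` method are hypothetical. It goes slightly beyond the paragraph by keeping one MAC table per VLAN, which is the traffic separation VLANs provide and the reason a MAC learned in one VLAN is never used to forward frames in another.

```python
"""Learning-switch simulation with per-VLAN MAC tables (added example, not PAN-OS code)."""
from __future__ import annotations

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str


@dataclass
class Layer2Switch:
    # port name -> VLAN IDs the port carries (constructed topology, not a real config)
    port_vlans: dict[str, set[int]]
    # (vlan, mac) -> port; filled in by learning source MACs, one table per VLAN
    mac_table: dict[tuple[int, str], str] = field(default_factory=dict)

    def forward(self, ingress_port: str, vlan: int, frame: Frame) -> list[str]:
        """Return the egress ports for a frame arriving on ingress_port in the given VLAN."""
        if vlan not in self.port_vlans.get(ingress_port, set()):
            return []  # ingress port does not carry this VLAN: drop the frame
        # Learn: the source MAC is reachable via the ingress port, within this VLAN only.
        self.mac_table[(vlan, frame.src_mac.lower())] = ingress_port
        dst = frame.dst_mac.lower()
        is_group = int(dst.split(":")[0], 16) & 1  # I/G bit set: broadcast or multicast
        if not is_group:
            known = self.mac_table.get((vlan, dst))
            if known is not None:
                # Destination already learned: forward to that one port.
                # If it is the ingress port, both hosts share the segment and the switch drops it.
                return [] if known == ingress_port else [known]
        # Unknown unicast or group address: flood to every other port in this VLAN.
        return sorted(
            port for port, vlans in self.port_vlans.items()
            if vlan in vlans and port != ingress_port
        )


def demo() -> dict[str, list[str]]:
    """Walk through learning, forwarding and VLAN separation; returns each step's egress ports."""
    sw = Layer2Switch(port_vlans={
        "ethernet1/1": {10},
        "ethernet1/2": {10},
        "ethernet1/3": {20},
        "ethernet1/4": {10, 20},  # carries both VLANs (trunk-style)
    })
    host_a = "aa:aa:aa:00:00:01"  # VLAN 10, behind ethernet1/1 (constructed)
    host_b = "aa:aa:aa:00:00:02"  # VLAN 10, behind ethernet1/2 (constructed)
    host_c = "aa:aa:aa:00:00:03"  # VLAN 20, behind ethernet1/3 (constructed)
    results = {}
    # 1. A sends to B before B is learned: flooded to the other VLAN-10 ports only.
    results["unknown_unicast"] = sw.forward("ethernet1/1", 10, Frame(host_a, host_b))
    # 2. B replies: A was learned in step 1, so the frame leaves exactly one port.
    results["learned_unicast"] = sw.forward("ethernet1/2", 10, Frame(host_b, host_a))
    # 3. C (VLAN 20) addresses A's MAC: VLAN 20 has its own table, so no VLAN-10 port is used.
    results["cross_vlan"] = sw.forward("ethernet1/3", 20, Frame(host_c, host_a))
    # 4. Broadcast from A reaches every other VLAN-10 port, never VLAN 20-only ports.
    results["broadcast"] = sw.forward("ethernet1/1", 10, Frame(host_a, BROADCAST))
    # 5. A frame for a VLAN the ingress port does not carry is dropped.
    results["wrong_vlan"] = sw.forward("ethernet1/3", 10, Frame(host_c, host_a))
    return results


if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step:16s} -> {ports}")
```

Step 3 is the one worth dwelling on: host A's MAC is in the switch's table, but only under VLAN 10, so the VLAN 20 frame floods within VLAN 20 and the VLAN 10 ports never see it. That per-VLAN table is what lets a Layer 2 firewall interface keep groups separated and apply policy between them.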
If you’re using security group tags (SGTs)
in a Cisco TrustSec network, it’s a best practice to deploy inline firewalls
in either Layer 2 or virtual wire mode. Firewalls in Layer 2 or
virtual wire mode can inspect and provide threat prevention for the
tagged traffic.
The following topics describe the different types of Layer 2 interfaces you can configure for
each type of deployment you need, including details on using virtual LANs (VLANs) for
traffic and policy separation among groups:
Another topic describes how the firewall rewrites the inbound port VLAN ID number in a Cisco per-VLAN spanning tree (PVST+) or Rapid PVST+ bridge protocol data unit (BPDU); see Manage Per-VLAN Spanning Tree (PVST+) BPDU Rewrite.