nameif


Overview

Name interfaces and assign security levels

nameif hardware_id if_name security_level

show nameif

clear nameif


Parameters

hardware_id Interface's slot location on the firewall motherboard.

Interface boards are numbered from the leftmost slot nearest the power supply as slot 0. The internal network interface must be in slot 1. The lowest security_level external interface board is in slot 0 and the next lowest security_level external interface board is in slot 2.

Possible choices are ethernetn for Ethernet or token-ringn for Token Ring.

These names can be abbreviated with any leading characters in the name; for example, ether1, e2, token0, or t0.

if_name A name for the internal or external network interface of up to 48 characters in length. This name can be uppercase or lowercase. By default, the inside interface is called "inside" and the outside interface is called "outside".
security_level
    outside     0
    inside      100
    perimeter   1 thru 99

By default, a firewall sets the security level for the inside interface to security100 and the outside interface to security0. The first outside interface is set to security10, the second to security15, the third to security20, and the fourth outside interface (a total of 6 interfaces are permitted, with a total of 4 outside interface

For access from a higher security level to a lower security level, nat/global or static commands must be present.

For access from a lower security level to a higher security level, static and access-list commands must be present.

Interfaces with the same security level cannot communicate with each other. Every interface should have a unique security level.


 

Description

Interface   Security   Restrictions
inside      100        Cannot be renamed. Cannot be given a different security level.
outside     0          Can be renamed. Cannot be given a different security level.

Using clear nameif resets default interface names and security levels.

After running nameif, run clear xlate.

An interface is always "external" with respect to another interface that has a higher security level.

(Configuration mode.)


Examples

The following example shows use of the nameif command:

nameif ethernet2 perimeter1 sec50
nameif ethernet3 perimeter2 sec20
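
The rules above can be checked mechanically before a configuration is loaded. The following Python sketch is an added example, not part of the original reference or of any vendor tool: it parses nameif lines and reports violations of the rules stated on this page. The function names and the sample configuration are constructed for illustration, and it assumes levels are written as securityN or secN, the two forms that appear on this page.

```python
import re

HW_RE = re.compile(r"^([a-z-]+)(\d+)$")        # type may be abbreviated: e2, token0
LEVEL_RE = re.compile(r"^sec(?:urity)?(\d+)$")  # e.g. security100, sec50
HW_TYPES = ("ethernet", "token-ring")
# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif e2 perimeter1 sec50
nameif ether3 perimeter2 sec50
"""

def parse_nameif(config):
    """Return (hardware_type, slot, if_name, level) for each nameif line."""
    entries = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "nameif":
            continue
        hw = HW_RE.match(parts[1].lower())
        lvl = LEVEL_RE.match(parts[3].lower())
        kind = next((t for t in HW_TYPES if hw and t.startswith(hw.group(1))), None)
        if kind is None or lvl is None:
            raise ValueError(f"malformed nameif line: {line!r}")
        entries.append((kind, int(hw.group(2)), parts[2], int(lvl.group(1))))
    return entries

def audit_nameif(entries):
    """Check parsed entries against the rules stated in this reference."""
    findings, seen = [], {}
    for kind, slot, name, level in entries:
        hw = f"{kind}{slot}"
        if len(name) > 48:
            findings.append(f"{hw}: if_name exceeds 48 characters")
        if not 0 <= level <= 100:
            findings.append(f"{hw}: security level {level} is outside 0-100")
        if level in seen:
            findings.append(f"{hw}: security level {level} duplicates {seen[level]}")
        seen.setdefault(level, hw)
        if (name == "inside") != (level == 100):
            findings.append(f"{hw}: 'inside' and security level 100 must go together")
        if name == "outside" and level != 0:
            findings.append(f"{hw}: 'outside' must stay at security level 0")
        if level == 100 and slot != 1:
            findings.append(f"{hw}: the internal interface must be in slot 1")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nameif(parse_nameif(SAMPLE_CONFIG))))
```

Run against the constructed sample, the audit flags ethernet3 because it reuses security level 50, which would leave the two perimeter interfaces unable to communicate with each other.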