Firewall – Cisco ASA subinterface limit – per interface or global

cisco-asa, firewall, networking, vlan

A Cisco ASA can have sub-interfaces defined on an interface: VLAN tags passed through that physical interface, which the software treats as separate logical interfaces.

This page includes information on the maximum number of sub-interfaces that can be defined; what I'm interested in confirming is whether this limit is a global limit covering every defined VLAN on any interface, or a per-interface limit.

The page linked seems to imply that it's global, but the configuration "feels" more like a per-interface limit:

interface GigabitEthernet0/2.28
 vlan 28
 nameif foo
 security-level 5
 ip address 10.2.3.1 255.255.255.0

My hunch is that it's global, but my Google-fu is failing to find anything to back that up (and we'll need to get working on getting a new firewall budgeted if I'm right; proof is good before going to the bean counters). Can anyone confirm?

Best Answer

The number of VLANs (subinterfaces) an ASA can support depends on the model and license you are using (for models below the 5520). So this number is pretty much global and not per-physical interface. Cisco ASA - Supported Feature Licenses Per Model
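Since the licensed VLAN limit is counted across the whole box rather than per physical port, a useful pre-purchase check is to parse the running-config and count every `interface X.Y` block that carries a `vlan` tag, both globally and per physical interface. The script below is an added example, not part of the question or the answer; it works on a constructed config excerpt embedded inline (only `GigabitEthernet0/2.28` is taken from the question) and takes the licensed limit as a parameter, because the real number depends on the model and license and is not stated on this page.

```python
import re
from collections import Counter

# Constructed ASA running-config excerpt (not captured from a real device).
# Gi0/1 carries two tagged subinterfaces, Gi0/2 carries two more.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif users
 security-level 50
 ip address 10.1.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif servers
 security-level 60
 ip address 10.1.20.1 255.255.255.0
!
interface GigabitEthernet0/2.28
 vlan 28
 nameif foo
 security-level 5
 ip address 10.2.3.1 255.255.255.0
!
interface GigabitEthernet0/2.29
 vlan 29
 nameif bar
 security-level 5
 ip address 10.2.4.1 255.255.255.0
!
"""

VLAN_LINE = re.compile(r"^\s+vlan\s+(\d+)\s*$")


def parse_subinterfaces(config):
    """Return (physical_interface, subinterface_name, vlan_tag) for every
    subinterface block that carries a 'vlan' command."""
    entries = []
    current = None  # name of the interface block we are currently inside
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            continue
        m = VLAN_LINE.match(line)
        # Only 'interface Phys.N' blocks are subinterfaces; a bare physical
        # interface never has a dot in its name.
        if m and current and "." in current:
            physical = current.rsplit(".", 1)[0]
            entries.append((physical, current, int(m.group(1))))
    return entries


def count_subinterfaces(config):
    """Global count (what the license limits) plus a per-physical breakdown."""
    entries = parse_subinterfaces(config)
    per_physical = Counter(physical for physical, _, _ in entries)
    return {"global": len(entries), "per_interface": dict(per_physical)}


def check_limit(config, licensed_limit):
    """Compare the global subinterface count against the licensed maximum.
    licensed_limit is a placeholder argument: read the real value from
    'show version' for the model and license in use."""
    total = count_subinterfaces(config)["global"]
    return {
        "global": total,
        "limit": licensed_limit,
        "headroom": licensed_limit - total,
        "exceeds": total > licensed_limit,
    }


def duplicate_vlans(config):
    """VLAN tags used twice on the same physical interface; the ASA rejects
    these, so finding any means the config was edited by hand inconsistently."""
    seen = Counter((p, v) for p, _, v in parse_subinterfaces(config))
    return sorted(key for key, n in seen.items() if n > 1)


if __name__ == "__main__":
    print(count_subinterfaces(SAMPLE_CONFIG))
    print(check_limit(SAMPLE_CONFIG, licensed_limit=5))  # placeholder limit
    print("duplicates:", duplicate_vlans(SAMPLE_CONFIG))
```

Run it against a copy of `show running-config` saved to a file instead of `SAMPLE_CONFIG`; the `global` figure is the one to compare against the licensed maximum, and the per-interface breakdown only tells you where the VLANs live.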
