Switching

The ASA enables you to configure multiple logical interfaces connected to a single physical interface. Therefore, you can assign the logical interfaces to specific VLANs.

These logical interfaces are called subinterfaces. You can assign only a single VLAN to a subinterface. Each subinterface must have a VLAN ID before it can pass traffic. Because VLANs enable you to keep traffic separate on a given physical interface, you can increase the number of interfaces available to your network without adding additional physical interfaces or security appliances. Therefore, you can use the ASA in areas that require more interfaces than exist on the installed ASA.

When a physical interface is split into subinterfaces, the physical interface becomes an 802.1Q trunk. This is the same concept as when a switch port on a Cisco Catalyst switch is configured as a trunk to pass VLAN traffic between switches.