390 Email Security with Cisco IronPort Please enter a name for this IP interface (Ex: "InternalNet"): []> ManagementVLAN IP Address (Ex: 192.168.1.2): []> 192.168.3.110 Ethernet interface: 1. Data 1 2. Data 2 3. VLAN [1]> 3 2 Netmask (Ex: "255.255.255.0" or "0xffffff00"): [255.255.255.0]> Hostname: []> mgmt02.cisco.com Using VLANs on ESA is not especially common. It's not a feature that I can point to for solving any particular problem. It falls into the category of "there if you need it," and that you will likely know if your environment requires it. Other Advanced Configurations ESA offers a lot of features for network compatibility, but at the root, it is a UNIX-like network server. It is not a router, gateway, or firewall, and does not have any packet- routing capabilities or support for dynamic routing protocols. The network features that are available are intended for compatibility with your environment: The product feature focus is on Layer 7, not Layers 2­6. Static Routing Because the ESA is not a packet router, you have to explicitly state the routing path for networks that are not immediately Layer 3-adjacent to an interface on the ESA. If you want to use the ESA to span multiple networks by assigning IP interfaces to the different physical (or VLAN) ports, you'll find that you probably have to use static rout- ing to define the path for packets to take to reach remote networks. The basic example is the default route: This is the destination that all packets will be sent to, if the destina- tion of the packet is not network-adjacent to the ESA. All other routes you define must specify the destination network (using CIDR summaries) and the gateway where these packets should be sent.