InterfacesInterface Config

nameif [name]

Assigns a name to an interface for identification and security policy referencing.

Overview

The 'nameif' command is fundamental to Cisco ASA interface configuration. It assigns a logical name to a physical or subinterface, enabling the ASA to reference that interface in security policies, NAT rules, and routing. The name becomes the identifier for the interface throughout the configuration. Without a nameif, an interface cannot be used for traffic forwarding. The command also sets a default security level: the first interface named gets level 0, the second gets level 100, and subsequent ones get 0. Security levels control traffic flow between interfaces (higher to lower by default). This command is typically the first step after entering interface configuration mode. It is used in initial setup, when adding new interfaces, or when re-purposing an interface. In troubleshooting, verifying nameif assignments helps ensure interfaces are correctly identified and security levels are appropriate.

Syntax·Interface Config
nameif name

When to Use This Command

  • Assigning a name to a physical interface for traffic classification.
  • Naming a VLAN interface to match a specific security zone.
  • Renaming an interface to reflect its role (e.g., INSIDE, OUTSIDE).
  • Configuring a management-only interface with a logical name.

Parameters

ParameterSyntaxDescription
namenameA case-insensitive alphanumeric string (up to 48 characters) that uniquely identifies the interface. Common names include 'inside', 'outside', 'dmz', 'management'. The name cannot contain spaces or special characters.

Command Examples

Assigning name to GigabitEthernet0/0

interface gigabitethernet0/0 nameif outside
INFO: Security level for "outside" set to 0 by default.

The interface is named 'outside' and automatically assigned security level 0.

Assigning name to a subinterface

interface gigabitethernet0/1.100 nameif dmz
INFO: Security level for "dmz" set to 0 by default.

Subinterface is named 'dmz' with default security level 0.

Understanding the Output

The 'nameif' command itself does not produce a table output; it only returns an informational message. The message indicates the name assigned and the default security level (0 for outside, 100 for inside if not specified). To verify, use 'show nameif' which lists all interfaces with their names, security levels, and IP addresses. A healthy configuration shows each interface with a meaningful name and appropriate security level. Problematic values include duplicate names (not allowed) or missing names on interfaces that should be named.

Configuration Scenarios

Basic Inside/Outside Setup

A typical home office ASA with two interfaces: one for internal LAN, one for internet.

Topology

[Internet] --- (G0/0) ASA (G0/1) --- [Internal LAN]

Steps

  1. 1.Enter global configuration mode.
  2. 2.Enter interface configuration for G0/0.
  3. 3.Assign nameif outside.
  4. 4.Enter interface configuration for G0/1.
  5. 5.Assign nameif inside.
Configuration
interface gigabitethernet0/0
 nameif outside
 security-level 0
 ip address dhcp
!
interface gigabitethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!

Verify: Use 'show nameif' to confirm names and security levels.

Watch out: If you name the inside interface first, it gets security level 0, which is not desired. Always name outside first or manually set security-level.

Troubleshooting with This Command

When troubleshooting connectivity issues, the first step is to verify that all interfaces have proper nameif assignments. Use 'show nameif' to list all named interfaces. If an interface is missing, traffic cannot pass through it. Also check that security levels are correct: traffic from higher to lower security is allowed by default, but not the reverse. If you see unexpected traffic drops, verify that the nameif matches the intended security zone. Another common issue is duplicate names – the ASA will reject the configuration. If you need to rename an interface, you must first remove all configuration referencing the old name (e.g., IP address, ACLs). Use 'clear configure interface' to reset an interface completely. In multi-context mode, nameif is configured per context.

CCNA Exam Tips

1.

Remember that 'nameif' is required before assigning an IP address to an interface.

2.

Security levels are automatically set: 0 for first nameif, 100 for second, unless manually changed.

3.

On ASA, you cannot delete a nameif without removing all associated configuration (e.g., IP address, ACLs).

Common Mistakes

Forgetting to assign a nameif before configuring an IP address – results in error.

Using the same name on multiple interfaces – ASA rejects duplicate names.

Not setting security level explicitly when needed – default may not match security policy.

Platform Notes

On Cisco ASA, the 'nameif' command is mandatory before assigning an IP address. This differs from Cisco IOS where interfaces are named by default (e.g., FastEthernet0/0). On ASA, you must explicitly name each interface. The command is similar on Cisco FTD (Firepower Threat Defense) but configured via FMC or CLI. In ASA version 9.x and later, the behavior is consistent. There is no direct equivalent on IOS routers; instead, you use 'ip address' on the interface directly. The 'nameif' command is unique to ASA and FTD platforms.

Related Commands

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions