
ASA 5506 9.7.1 BVI

babiojd01
Level 1

So I have been playing with this release and noticed some things. It seems that even if I have an ACL applied to the individual BVI interfaces like inside_1-Inside_7 permitting ip any any, the same-security-traffic command is mandatory. As soon as I remove that, traffic stops between hosts associated with the same BVI. Also, where is the proper place to put an egress ACL? Inbound direction of inside_1 or the BVI interface inside?

4 Replies

babiojd01
Level 1

I guess I answered my own question.

The inside_* ACL applies to hosts within the bridge if the same ACL is applied to all interfaces associated with a particular bridge-group.

The inside ACL applied to the BVI interface applies to the hosts traversing the bridge's layer 3 interface.

Hi,

Do I have the same issue?

I have a BVI created and assigned one subinterface and one physical port to it:

interface BVI2
nameif Guest
security-level 10
ip address 192.168.10.254 255.255.255.0

interface GigabitEthernet1/3
bridge-group 2
nameif Guest_2
security-level 10

interface GigabitEthernet1/2.2
vlan 2
bridge-group 2
nameif SwTrGuest
security-level 10

 

I have 2 hosts: one is connected through a switch (trunk from ASA port GigabitEthernet1/2.2) and the other is connected directly to interface GigabitEthernet1/3. They cannot ping each other although they have IPs from the same subnet.

But I can ping both of them from another VLAN interface GigabitEthernet1/2.10

interface GigabitEthernet1/2.10
vlan 10
nameif TEST_Vlan
security-level 100
ip address 10.221.11.254 255.255.255.0

 

Why can't 2 hosts in the same BVI communicate (same security level) when they can speak to other hosts? Do I need to apply an ACL?

Thanks,

Did you ever resolve this issue? We are running into the same issue and it appears the sub-interface is causing the issue as when they are just on physical ports it works fine.

No, just created another vlan (
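
An added example, not part of any post in this thread: a Python check that parses an ASA configuration and flags bridge-group members that share a security level while `same-security-traffic permit inter-interface` is absent, the condition the first post reports as stopping traffic within a BVI. The sample input is constructed from the BVI2 configuration quoted above; the function names are hypothetical, and the check does not cover the sub-interface behaviour raised in the later replies.

```python
import re
from collections import defaultdict

# Constructed sample: the BVI2 configuration quoted in the thread, with no
# same-security-traffic statement present.
SAMPLE_CONFIG = """\
interface BVI2
 nameif Guest
 security-level 10
 ip address 192.168.10.254 255.255.255.0
!
interface GigabitEthernet1/3
 bridge-group 2
 nameif Guest_2
 security-level 10
!
interface GigabitEthernet1/2.2
 vlan 2
 bridge-group 2
 nameif SwTrGuest
 security-level 10
"""

PERMIT = re.compile(r"(?m)^[ \t]*same-security-traffic permit inter-interface[ \t]*$")

def parse_members(config):
    """Return {bridge_group: [(nameif, security_level), ...]} for member interfaces."""
    groups = defaultdict(list)
    for block in re.split(r"(?m)^(?=interface )", config):
        bg = re.search(r"(?m)^[ \t]*bridge-group (\d+)[ \t]*$", block)
        name = re.search(r"(?m)^[ \t]*nameif (\S+)", block)
        level = re.search(r"(?m)^[ \t]*security-level (\d+)", block)
        if bg and name and level:  # skips the BVI, routed and unnamed interfaces
            groups[int(bg.group(1))].append((name.group(1), int(level.group(1))))
    return dict(groups)

def audit(config):
    """List (bridge_group, member_a, member_b, level) for member pairs that share
    a security level when the inter-interface permit is missing."""
    if PERMIT.search(config):
        return []
    findings = []
    for bg, members in sorted(parse_members(config).items()):
        for i, (a, la) in enumerate(members):
            findings += [(bg, a, b, la) for b, lb in members[i + 1:] if lb == la]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("bridge-group %d: %s <-> %s both at security-level %d" % finding)
```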
