04-25-2017 06:06 AM - edited 03-12-2019 02:15 AM
So I have been playing with this release and noticed some things. It seems that even if I have an ACL applied to the individual BVI interfaces like inside_1-Inside_7 permitting ip any any, the same-security-traffic command is mandatory. As soon as I remove it, traffic stops between hosts associated with the same BVI. Also, where is the proper place to put an egress ACL? The inbound direction of inside_1 or the BVI interface inside?
04-27-2017 05:55 AM
I guess I answered my own question.
The inside_* ACL applies to hosts within the bridge if the same ACL is applied to all interfaces associated with a particular bridge-group.
The inside ACL applied to the BVI interface applies to the hosts traversing the bridge's layer 3 interface.
11-11-2017 03:36 PM
Hi,
Do I have the same issue?
I have a BVI created, with one subinterface and one physical port assigned to it:
interface BVI2
 nameif Guest
 security-level 10
 ip address 192.168.10.254 255.255.255.0
interface GigabitEthernet1/3
 bridge-group 2
 nameif Guest_2
 security-level 10
interface GigabitEthernet1/2.2
 vlan 2
 bridge-group 2
 nameif SwTrGuest
 security-level 10
I have 2 hosts: one is connected through a switch (trunk from ASA port GigabitEthernet1/2.2) and the other is connected directly to interface GigabitEthernet1/3. They cannot ping each other although they have IPs from the same subnet.
But I can ping both of them from another VLAN interface, GigabitEthernet1/2.10:
interface GigabitEthernet1/2.10
 vlan 10
 nameif TEST_Vlan
 security-level 100
 ip address 10.221.11.254 255.255.255.0
Why can't 2 hosts in the same BVI (same security level) communicate with each other when they can speak to other hosts? Do I need to apply an ACL?
Thanks,
07-09-2018 08:38 AM
Did you ever resolve this issue? We are running into the same issue and it appears the sub-interface is causing the issue as when they are just on physical ports it works fine.
07-09-2018 08:40 AM
No, just created another vlan (
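A configuration check for the behaviour the first post reports (hosts on same-security members of one bridge group stop talking once `same-security-traffic permit inter-interface` is removed), added here as an example and not written by anyone in this thread. The sample input is constructed from the interface stanzas quoted above, the function names are hypothetical, and the script only reports the condition; it does not establish the cause of the sub-interface problem in the later posts.

```python
from collections import defaultdict

# Constructed sample: the interface stanzas quoted in the thread, indented the
# way "show running-config" prints them. The parser relies on that indentation.
SAMPLE_CONFIG = """\
interface BVI2
 nameif Guest
 security-level 10
 ip address 192.168.10.254 255.255.255.0
interface GigabitEthernet1/3
 bridge-group 2
 nameif Guest_2
 security-level 10
interface GigabitEthernet1/2.2
 vlan 2
 bridge-group 2
 nameif SwTrGuest
 security-level 10
"""

PERMIT = ["same-security-traffic", "permit", "inter-interface"]

def parse_interfaces(config):
    """Return ({interface: {sub-command: arguments}}, [global command lines])."""
    interfaces, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {})
        elif current is not None and raw[:1].isspace():
            key, _, value = line.partition(" ")
            current[key] = value
        else:  # unindented line: back at global configuration level
            current = None
            global_lines.append(line)
    return interfaces, global_lines

def same_level_bridge_groups(config):
    """Bridge groups whose members share a security level with no global permit."""
    interfaces, global_lines = parse_interfaces(config)
    if any(g.split() == PERMIT for g in global_lines):
        return {}
    groups = defaultdict(lambda: defaultdict(list))
    for name, cmds in interfaces.items():
        if "bridge-group" in cmds and "security-level" in cmds:
            level = cmds["security-level"]
            groups[cmds["bridge-group"]][level].append(cmds.get("nameif", name))
    shared = {bg: {lvl: sorted(n) for lvl, n in lv.items() if len(n) > 1}
              for bg, lv in groups.items()}
    return {bg: s for bg, s in shared.items() if s}
```

Calling `same_level_bridge_groups(SAMPLE_CONFIG)` returns `{'2': {'10': ['Guest_2', 'SwTrGuest']}}`; a non-empty result means those member interfaces depend on the global command for traffic between them.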