10-27-2011 01:58 AM - edited 03-11-2019 02:43 PM
Hey all.
Looks like at some point a Cisco TAC member added, "same-security-traffic permit intra-interface" to my config. Since I have a base license, I only have 3 vlans (2 1/2 really): inside, outside and dmz, which are on security levels 100, 0, and 50, respectively.
What is the point of "same-security-traffic permit intra-interface" when each interface is on a different security level?
Basically, is there any reason at all to keep the rule in place or can I safely remove it?
Thanks
10-27-2011 02:11 AM
Hi Noah,
It says "intra-interface" not "inter-interface". Intra-interface is used to u-turn the traffic when the source and destination are both behind the same interface. If you have any such requirement, don't remove it; otherwise you can.
Hope that helps.
Thanks,
Varun
10-27-2011 02:15 AM
@Varun, thanks, but actual rule in place is, "same-security-traffic permit inter-interface"
Think I was googling and "intra" came up without my noticing it.
So, given that the rule is inter-interface, does it serve any purpose in my setup?
10-27-2011 02:17 AM
Hi Noah,
Yes, you can very well delete it; it doesn't serve any purpose if none of the interfaces are on the same security levels.
Hope that helps.
Thanks,
Varun
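One way to check the condition in the answer above against a saved configuration, as an added example that is not part of the original thread: it parses `nameif` / `security-level` pairs and reports whether `same-security-traffic permit inter-interface` has any interfaces to act on. `SAMPLE_CONFIG` is constructed to match the setup described in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three VLANs at levels 100 / 0 / 50, as in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Vlan3
 nameif dmz
 security-level 50
!
same-security-traffic permit inter-interface
"""

def parse_interfaces(config):
    """Return {nameif: security_level} for every named interface."""
    levels, name, in_iface = {}, None, False
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line: block boundary
            in_iface, name = line.startswith("interface "), None
            continue
        words = line.split()
        if in_iface and len(words) == 2 and words[0] == "nameif":
            name = words[1]
            # ASA default when no explicit level follows: inside=100, others=0
            levels[name] = 100 if name == "inside" else 0
        elif name and len(words) == 2 and words[0] == "security-level":
            levels[name] = int(words[1])
    return levels

def audit(config):
    """Report whether the inter-interface permit can match any interface pair."""
    levels = parse_interfaces(config)
    flags = set(re.findall(
        r"^same-security-traffic permit (inter|intra)-interface\s*$", config, re.M))
    groups = defaultdict(list)
    for name, level in levels.items():
        groups[level].append(name)
    shared = {lvl: sorted(n) for lvl, n in groups.items() if len(n) > 1}
    return {"levels": levels, "shared_levels": shared,
            "inter_configured": "inter" in flags,
            "inter_has_effect": "inter" in flags and bool(shared),
            "intra_configured": "intra" in flags}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

`intra_configured` is reported separately because the hairpin case does not depend on security levels at all.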
10-27-2011 02:55 AM
done, removed, thanks ;-)