02-06-2018 06:23 AM - edited 02-21-2020 07:17 AM
Hello,
I am using a Cisco ASA 5506-X with FirePower. As of firmware asa971-16-lfbff-k8, it is possible to bridge multiple physical interfaces, e.g. to overcome the shortage of switching capabilities on the GigabitEthernet ports.
With that being said, I created a bridge group "BVI1" with "nameif inside" and put the GigabitEthernet interfaces 5 to 8 into "bridge-group 1" with "nameif inside_1", "nameif inside_2", "nameif inside_3" and "nameif inside_4".
While it is possible to create access-groups pointing to one of the physical interface nameifs and to the bridge group interface nameif, it is NOT possible to set "http" or "ssh" access to a configured bridge group nameif.
Is this working as intended? If yes, is there any reason for that?
I would have guessed that it is possible to set http and ssh to a bridge group nameif.
I would also have guessed that it would no longer be possible to set an access-group to a nameif on a physical interface which has been added to a bridge group.
02-06-2018 10:49 AM
02-07-2018 01:12 PM
I'm curious why you are doing BVI as opposed to port channels.
02-07-2018 11:25 PM
I am intending to use multiple physical GigabitEthernet ports of the ASA 5506-X for the same network subnet to connect different clients.
As far as I have understood, port channels would be used to increase throughput and/or redundancy to compensate for possible link failures.