07-20-2019 11:53 AM
Hi,
please tell me,
Can I block a switch locally connected in a network with a Cisco ASA 5500 series firewall, so that any computer connected to that switch does not get an IP address from the firewall's DHCP service?
Thanks.
07-20-2019 12:12 PM
Hi,
Not clear what you are asking. If the hosts are supposed to get IPs from the firewall, then they have to communicate with it to get IPs; if not, hosts without IPs can't communicate with anything. This is assuming the firewall is the gateway for the hosts.
HTH
There are several things in the original question that are not clear. The little part that is clear is that there is some switch in the network that is not directly connected to the ASA. So it implies that some switch(es) are connected to the ASA and provide connectivity to this switch. It is not clear but seems logical that the ASA connection to switches is on a trunk port where the trunk carries multiple vlans. It is implied but not entirely clear that all DHCP for this network is provided by the ASA. It is not clear whether all devices in this switch are in a single vlan or are in multiple vlans. It is not clear whether the vlan (or vlans) with devices on this switch also have devices in other switches that are in the vlans used on this switch. Can we get clarification about this?
The one possibility that I can see is that if the devices on this switch are in vlan(s) that are not used on other switches then the ASA can just not have a DHCP scope configured for those subnets. Otherwise I am not clear how this could be accomplished. Perhaps some other alternative might emerge if we get clarification about this environment.
HTH
Rick
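To illustrate the approach Rick describes (no DHCP scope on the ASA for the VLAN that only this switch uses), here is an added ASA configuration fragment that is not from the thread or from Cisco documentation. It assumes a trunk on GigabitEthernet0/1 carrying VLAN 10 (general users, served by the ASA's DHCP server) and VLAN 20 (only present on the isolated switch, no scope); the interface names, VLAN IDs and addresses are placeholders chosen for the example.

```cisco
! Added example, not the original poster's configuration.
! Assumption: Gi0/1 is the trunk toward the distribution switch.

! VLAN 10 - normal users, ASA hands out addresses on this interface
interface GigabitEthernet0/1.10
 vlan 10
 nameif users
 security-level 100
 ip address 192.168.10.1 255.255.255.0

! VLAN 20 - only the isolated switch lives here; note the deliberate
! absence of any "dhcpd ... isolated" lines, so the ASA never offers
! addresses on this interface
interface GigabitEthernet0/1.20
 vlan 20
 nameif isolated
 security-level 50
 ip address 192.168.20.1 255.255.255.0

! DHCP scope bound to the "users" interface only
dhcpd address 192.168.10.50-192.168.10.200 users
dhcpd dns 192.168.10.1 interface users
dhcpd lease 3600 interface users
dhcpd enable users
```

Because ASA DHCP is enabled per interface, hosts behind the isolated switch will only be excluded this way if VLAN 20 is not trunked to any other switch and the switch does not leak those hosts into VLAN 10 (an untagged or misconfigured access port would defeat it). `show dhcpd binding` and `show dhcpd statistics` on the ASA are the quick checks that no leases are being issued for the 192.168.20.0/24 range.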