Strange behavior with Communication between sub-interfaces

Unanswered Question
Sep 10th, 2009

I have a 5550 with 10 sub-interfaces (VLANs) configured on five physical interfaces. Each sub-interface has a different security level based on function. I've noticed that I only have to write an egress rule for traffic to pass from a lower security level interface to a higher security level interface. I would have thought I would need to write rules to allow the traffic in both the out and in directions. We are not using NAT, all public IP addresses. Any thoughts on this? Example: if I allow tcp port 3389 out of our production data VLAN to our admin VLAN I only have to write an ACL that says allow tcp/3389 out of production data. I do not need to write an ACL that allows tcp/3389 into the admin VLAN. Is this normal behavior?
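The behaviour described above is what a stateful firewall does: the ACL applied in the "in" direction on the lower-security sub-interface decides whether the first packet of a flow is admitted, and the replies from the admin VLAN match the connection table rather than any ACL. As an added illustration (editor's example, not part of the original post or Cisco's own code), the toy model below reproduces that decision logic; interface names, security levels and the 203.0.113.x / 198.51.100.x addresses are constructed, and only inbound ACLs and the no-NAT case are modelled.

```python
from collections import namedtuple

# Packet fields: src/dst address, protocol, ports, and the sub-interface it arrives on.
Packet = namedtuple("Packet", "src_ip dst_ip proto sport dport in_if")

class StatefulFirewall:
    """Toy model of the ASA forwarding decision (assumption: no NAT, only 'in' ACLs modelled)."""
    def __init__(self, security_levels, routes):
        self.sec = security_levels   # iface -> security level 0..100
        self.routes = routes         # address prefix -> egress iface
        self.acls = {}               # iface -> permitted (proto, dport) in the 'in' direction
        self.conns = set()           # connection table of permitted 5-tuples

    def apply_acl(self, iface, rules):
        self.acls[iface] = list(rules)

    def _egress(self, dst_ip):
        return next((i for p, i in self.routes.items() if dst_ip.startswith(p)), None)

    def forward(self, pkt):
        fwd = (pkt.src_ip, pkt.sport, pkt.dst_ip, pkt.dport, pkt.proto)
        rev = (pkt.dst_ip, pkt.dport, pkt.src_ip, pkt.sport, pkt.proto)
        # 1. Return traffic of a tracked connection needs no ACL on the reply side.
        if rev in self.conns:
            return "permit (established connection)"
        out_if = self._egress(pkt.dst_ip)
        if out_if is None or out_if == pkt.in_if:
            return "drop (no route or same interface)"
        # 2. An ACL applied inbound on the ingress interface decides alone (implicit deny at its end).
        if pkt.in_if in self.acls:
            allowed = (pkt.proto, pkt.dport) in self.acls[pkt.in_if]
        else:
            # 3. No ACL: security-level default permits higher -> lower only.
            allowed = self.sec[pkt.in_if] > self.sec[out_if]
        if allowed:
            self.conns.add(fwd)
            return "permit (new connection)"
        return "deny"

def demo():
    # Constructed: two of the ten sub-interfaces, public documentation ranges, no NAT.
    fw = StatefulFirewall({"prod-data": 50, "admin": 90},
                          {"203.0.113.": "prod-data", "198.51.100.": "admin"})
    fw.apply_acl("prod-data", [("tcp", 3389)])   # the single rule the asker wrote
    rdp = Packet("203.0.113.10", "198.51.100.5", "tcp", 50000, 3389, "prod-data")
    reply = Packet("198.51.100.5", "203.0.113.10", "tcp", 3389, 50000, "admin")
    ssh = Packet("203.0.113.10", "198.51.100.5", "tcp", 50001, 22, "prod-data")
    admin_out = Packet("198.51.100.5", "203.0.113.10", "tcp", 40000, 22, "admin")
    return [fw.forward(p) for p in (rdp, reply, ssh, admin_out)]
```

The third result shows the implicit deny at the end of the applied ACL, and the fourth shows that the admin VLAN still reaches the lower-security VLAN by the security-level default as long as no ACL is applied on the admin sub-interface.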
