ASA inter-vlan routing

Answered Question
Jun 24th, 2014

Hi, I have this situation:

A client of mine has a switched network. On that network, where no VLAN is configured, he has multiple IP addresses on the same VLAN (VLAN 1). So, I've installed a 5505 with two VLANs, and assigned each VLAN to Ethernet interfaces. I've made 2 connections, from the switch to each ASA interface. The problem is that when I execute show arp on the ASA, I receive the same entry on both interfaces.

I hope, in the first place, that you understand my English, and in the second place, that you can help me :-)

Best regards!

Correct Answer
Marvin Rhoads Tue, 06/24/2014 - 13:44

The ARP table will be built based on the ASA seeing ARP broadcasts and replies. If the client has one VLAN (= one broadcast domain) then both interfaces will see all of that traffic and build identical ARP tables.

The correct way to change this would be to create a second VLAN for the second set of IP addresses and assign the appropriate interfaces (including the second ASA client-facing interface) to that VLAN.
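
A way to check for the symptom discussed in this thread, as an added example that is not part of the original posts: the script parses `show arp` output and reports every IP/MAC pair learned on more than one ASA interface, which indicates those interfaces sit in the same broadcast domain. The interface names, addresses and MACs in the sample are constructed, and the four-column line layout (name, IP, MAC, age) is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed `show arp` layout:
# <nameif> <IP address> <MAC address> <age>
# Interface names, addresses and MACs are made up for this example.
SAMPLE_SHOW_ARP = """\
        lan-a 192.168.10.20 0050.56aa.0001 12
        lan-a 192.168.20.30 0050.56aa.0002 40
        lan-b 192.168.10.20 0050.56aa.0001 15
        lan-b 192.168.20.30 0050.56aa.0002 38
        outside 203.0.113.1 0050.56aa.00ff 5
"""

ARP_LINE = re.compile(
    r"^\s*(?P<nameif>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<age>\S+)\s*$",
    re.IGNORECASE,
)

def parse_show_arp(text):
    """Return (nameif, ip, mac) tuples; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m["nameif"], m["ip"], m["mac"].lower()))
    return entries

def shared_entries(entries):
    """Map each (ip, mac) pair seen on more than one interface to those interfaces."""
    seen = defaultdict(set)
    for nameif, ip, mac in entries:
        seen[(ip, mac)].add(nameif)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def interfaces_sharing_a_segment(entries):
    """Interface pairs that learned at least one identical entry."""
    pairs = set()
    for names in shared_entries(entries).values():
        pairs.update((a, b) for i, a in enumerate(names) for b in names[i + 1:])
    return sorted(pairs)

if __name__ == "__main__":
    parsed = parse_show_arp(SAMPLE_SHOW_ARP)
    for (ip, mac), names in sorted(shared_entries(parsed).items()):
        print(f"{ip} {mac} learned on: {', '.join(names)}")
    print("same broadcast domain:", interfaces_sharing_a_segment(parsed))
```

An empty result after the second VLAN is created on the switch means the two ASA interfaces no longer learn the same entries.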
