Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

if we enable IP audit feature in physical interface, will it apply to sub-interface too ?

Hi - I have a query regarding the ip audit option in Cisco ASA, We have enabled IP audit features in outside physical interface and that interface is split into 2 sub-interface. Will it be effect in both sub-interfaces ? Pls clarify.

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Green

if we enable IP audit feature in physical interface, will it app

I do not believe that it will affect the subinterfaces.  When assigning the audit policy to an interface you need to specify the interface name and the policy only affects that specific interface even if there are subinterfaces associated with that physical interface.

You can easily check this by issuing the command show ip audit count interface for each interface.  You will see that only the physical interface will have any signatures associated with it while the subinterfaces have none.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
Cisco Employee

if we enable IP audit feature in physical interface, will it app

That is correct.  There is no inheritence of policy based commands from the physical interface to sub-interfaces.

Sincerely,

David.

3 REPLIES
VIP Green

if we enable IP audit feature in physical interface, will it app

I do not believe that it will affect the subinterfaces.  When assigning the audit policy to an interface you need to specify the interface name and the policy only affects that specific interface even if there are subinterfaces associated with that physical interface.

You can easily check this by issuing the command show ip audit count interface for each interface.  You will see that only the physical interface will have any signatures associated with it while the subinterfaces have none.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
Cisco Employee

if we enable IP audit feature in physical interface, will it app

That is correct.  There is no inheritence of policy based commands from the physical interface to sub-interfaces.

Sincerely,

David.

New Member

if we enable IP audit feature in physical interface, will it app

Thanks. I have verified it. Now i understood.

285
Views
0
Helpful
3
Replies
CreatePlease login to create content