Cisco Support Community

Strange behavior with Communication between sub-interfaces

I have a 5550 with 10 sub-interfaces (VLANs) configured on five physical interfaces. Each sub-interface has a different security level based on function. I've noticed that I only have to write an egress rule for traffic to pass from a lower security level interface to a higher security level interface. I would have thought I would need to write rules to allow the traffic in both the out and in directions. We are not using NAT, all public IP addresses. Any thoughts on this? Example: if I allow TCP port 3389 out of our production data VLAN to our admin VLAN, I only have to write an ACL that says allow tcp/3389 out of production data. I do not need to write an ACL that allows tcp/3389 into the admin VLAN. Is this normal behavior?

1 REPLY

Re: Strange behavior with Communication between sub-interfaces

Yes, it's normal. It's what makes up the stateful firewall.

http://en.wikipedia.org/wiki/Stateful_firewall
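
A simplified model of the connection-table behaviour the reply refers to, using the thread's tcp/3389 case. This is an added example, not part of the original posts and not Cisco's implementation; the `StatefulFirewall` class, the interface names and the documentation-range addresses are assumptions, and ASA security-level defaults are not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    in_if: str          # interface the packet arrives on
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only for the initial TCP SYN

@dataclass
class StatefulFirewall:
    # Inbound ACL per interface: (dst_ip, dst_port) pairs allowed to open a connection.
    acl_in: dict
    conns: set = field(default_factory=set)   # connection table of 4-tuples

    def handle(self, p: Packet) -> str:
        flow = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # 1. Packets of a known connection, in either direction, skip the ACL.
        if flow in self.conns or reverse in self.conns:
            return "permit-state"
        # 2. Only a SYN can open a connection, and only if the ACL on the
        #    interface where it arrives allows it.
        if p.syn and (p.dst, p.dport) in self.acl_in.get(p.in_if, set()):
            self.conns.add(flow)
            return "permit-acl"
        return "deny"

# Constructed sample data (documentation address ranges, hypothetical interface names).
PROD_HOST, ADMIN_HOST = "192.0.2.10", "198.51.100.20"

def demo() -> list:
    # One rule only, on the interface where the connection starts.
    fw = StatefulFirewall(acl_in={"production": {(ADMIN_HOST, 3389)}})
    packets = [
        Packet("production", PROD_HOST, 50000, ADMIN_HOST, 3389, syn=True),  # new RDP session
        Packet("admin", ADMIN_HOST, 3389, PROD_HOST, 50000),                 # reply traffic
        Packet("production", PROD_HOST, 50001, ADMIN_HOST, 22, syn=True),    # port not in ACL
        Packet("admin", ADMIN_HOST, 3389, PROD_HOST, 50002),                 # no matching state
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second packet is permitted without any rule on the admin interface because it matches the connection entry created by the first.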
