Here's a good article that should explain the MAC table creation for the ASA while in transparent mode. In short, the switch is not going to pass frames between VLANs unless it's explicitly bridged.
http://packetu.com/content/view/51/
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of ehtesham ali
Sent: Saturday, November 13, 2010 6:09 AM
To: ccielab_at_groupstudy.com
Subject: transparent fw issues
Hi group,
I have the following scenario on a transparent firewall. The PC and fw e0/1 belong to VLAN 10, and the server and firewall e0/0 belong to VLAN 10.
10.0.0.1
pc1 ------------------[ switch ]------------------ server 10.0.0.254
                        |    |
                        |    |
                  e0/1  |    |  e0/0
                       firewall
When pc1 ARPs for the server's MAC address, the server will respond to it. Here I get the logic of using two VLANs even though the subnet is the same.
When pc1 sends the frame with the layer 2 destination address of the server, the switch will forward the frame, based on the MAC address table, out to the port connected to the server.
I just wanted to know where the firewall comes in.
Kindly guide me if I am wrong. I want every packet destined to the server to first pass through the firewall in L2 mode.
If the PC is sending frames with the server's MAC address as the L2 destination address, then I believe the switch will just look at the frame's layer 2 header, look in the CAM table and simply forward it out of the link connected to the server.
Thanks
Received on Sat Nov 13 2010 - 13:54:36 ART
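
The forwarding behaviour discussed in this thread, as an added Python sketch that is not part of the original messages: it builds the switch's per-VLAN MAC (CAM) tables and traces a PC-to-server unicast frame, once with every port in VLAN 10 and once with the server side moved to a second VLAN. Port names, MAC labels and VLAN 20 are constructed for the sketch; the firewall's policy check is not modelled, and a flooded copy that re-enters a VLAN it has already covered is dropped as a simplification.

```python
# Added illustration: per-VLAN MAC (CAM) learning on a switch whose two ports
# are bridged by a transparent firewall. All names below are constructed.
FW = {"fw_e0/1": "fw_e0/0", "fw_e0/0": "fw_e0/1"}      # firewall bridges these ports
HOSTS = {"pc_port": "mac_pc", "srv_port": "mac_srv"}   # access port -> host MAC

# Case 1: every port in VLAN 10. Case 2: server side in VLAN 20 (assumed number).
SAME_VLAN = {"pc_port": 10, "fw_e0/1": 10, "fw_e0/0": 10, "srv_port": 10}
TWO_VLANS = {"pc_port": 10, "fw_e0/1": 10, "fw_e0/0": 20, "srv_port": 20}

def learn(port_vlan):
    """Flood one broadcast from each host; return cam[vlan][mac] = port."""
    cam = {}
    for port, mac in HOSTS.items():
        pending, flooded = [port], set()
        while pending:
            in_port = pending.pop()
            vlan = port_vlan[in_port]
            if vlan in flooded:      # simplification: a copy re-entering a VLAN
                continue             # it has already flooded is dropped
            flooded.add(vlan)
            cam.setdefault(vlan, {})[mac] = in_port    # switch learns the source MAC
            for p, v in port_vlan.items():
                if v == vlan and p != in_port and p in FW:
                    pending.append(FW[p])   # firewall re-injects on its other port
    return cam

def path(port_vlan, src_port="pc_port", dst_mac="mac_srv"):
    """Trace a known-unicast frame hop by hop using the learned CAM tables."""
    cam, hops, in_port = learn(port_vlan), [src_port], src_port
    while True:
        out = cam[port_vlan[in_port]][dst_mac]   # lookup in the ingress VLAN only
        hops.append(out)
        if out not in FW:            # egress is a host port: frame delivered
            return hops
        in_port = FW[out]            # firewall bridges the frame to its other port
        hops.append(in_port)

if __name__ == "__main__":
    print("same VLAN:", path(SAME_VLAN))
    print("two VLANs:", path(TWO_VLANS))
```

With one VLAN the server's MAC is learned on the server's own port, so the frame never touches the firewall; with two VLANs the VLAN 10 table holds the server's MAC on the firewall-facing port.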