Thanks Carlos
Great answer.
Can you kindly explain this?
--> When PC B (VLAN 2) sends any traffic to PC A (VLAN 1), the switch
records the MAC address in its CAM table.
When PC A sends any unicast traffic to PC B, it will be sent directly to the port
connected to PC B and not to the FW. The SW will end up sending traffic to
the port connected to PC B directly, as it has learned the MAC address from that
port,
thus bypassing the FW?
On Tue, Feb 8, 2011 at 2:19 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
> Picture this:
>
> 1) Have a switch with 2 vlans, some hosts connected at vlan A and some
> at vlan B. This is all that there is.
>
> Q: Can a host from vlan A talk to a host from vlan B ?
> A: No!
> (Do not follow if you do not agree)
>
> 2) Now get a cable (i.e. a cross patch), put one end on a vlan A port,
> and the other at a vlan B port.
>
> Q: Can a host from vlan A talk to a host from vlan B ?
> A: Yes!
> (Do not follow if you do not agree)
>
> 3) Now replace the cable with an intelligent switch, that decides
> packet by packet if it will let it go from one port to the other.
> (e.g. an ASA in transparent mode)
>
> You can call vlan A the "inside", vlan B the "outside" and the ASA
> is "the only door" to go from one side to the other.
>
> -Carlos
>
> imran ali @ 08/02/2011 05:31 -0300 dixit:
>
>> Hi group,
>>
>> Access PCs and servers have IP addresses from the same subnet, i.e. they
>> share the same broadcast domain.
>>
>> Now I need to implement a transparent mode ASA firewall,
>>
>> but on the switch I need to define two different VLANs, one for access PCs and
>> one for servers. I just want to know the logic behind this.
>>
>> Thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
Received on Tue Feb 08 2011 - 14:51:22 ART
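
Carlos's three-step picture as a toy model (an added example, not part of the original thread), showing which port each VLAN's MAC table learns for PC B when the only bridge between the VLANs is the firewall. It assumes the switch keeps MAC entries per VLAN and floods only within the ingress VLAN; the port numbers, MAC labels and function names are constructed for the illustration.

```python
# Added illustration: toy model of one switch, two access VLANs, per-VLAN MAC learning.
class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan   # port -> access VLAN
        self.cam = {}                # (vlan, mac) -> port; assumed per-VLAN learning

    def forward(self, in_port, src, dst):
        """Learn src on in_port, then return egress ports inside the ingress VLAN only."""
        vlan = self.port_vlan[in_port]
        self.cam[(vlan, src)] = in_port
        known = self.cam.get((vlan, dst))
        if known is not None:
            return [] if known == in_port else [known]
        # Unknown unicast: flood, but never outside the ingress VLAN.
        return [p for p, v in self.port_vlan.items() if v == vlan and p != in_port]


def send(sw, hosts, link, permit, in_port, src, dst):
    """Send one unicast frame; return (delivered, crossed_link)."""
    pending, delivered, crossed = [in_port], False, False
    while pending:
        for out in sw.forward(pending.pop(), src, dst):
            if hosts.get(out) == dst:
                delivered = True
            elif out in link and permit(src, dst):
                crossed = True
                pending.append(link[out])   # frame re-enters on the other VLAN's port
    return delivered, crossed


# Constructed topology: ports 1 and 3 in VLAN 1, ports 2 and 4 in VLAN 2.
PORT_VLAN = {1: 1, 2: 2, 3: 1, 4: 2}
HOSTS = {1: "mac-A", 2: "mac-B"}          # PC A on port 1, PC B on port 2
FW_LINK = {3: 4, 4: 3}                    # bridge (cable or firewall) between ports 3 and 4
allow_all = lambda src, dst: True
deny_all = lambda src, dst: False

if __name__ == "__main__":
    sw = Switch(PORT_VLAN)
    print("no link:      ", send(sw, HOSTS, {}, allow_all, 2, "mac-B", "mac-A"))
    sw = Switch(PORT_VLAN)
    print("B -> A via FW:", send(sw, HOSTS, FW_LINK, allow_all, 2, "mac-B", "mac-A"))
    print("VLAN 1 sees mac-B on port", sw.cam[(1, "mac-B")])
    print("A -> B via FW:", send(sw, HOSTS, FW_LINK, allow_all, 1, "mac-A", "mac-B"))
    print("FW denies:    ", send(sw, HOSTS, FW_LINK, deny_all, 1, "mac-A", "mac-B"))
```

In this model the VLAN 1 table holds PC B's MAC on port 3 (the firewall-facing port), while port 2 appears only in the VLAN 2 table.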
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:49 ART