Imran,

No, the cam table contains mac addresses with their associated vlan. So a
packet from PC-B vlan 2 goes through the firewall. The cam table contains an
entry for PC A in vlan 2 behind the firewall and an entry for PC A in vlan 1
to its connected port.

You are sending the packet from vlan 2, so it can not pass from vlan 1 to 2;
you will have to go through the firewall, which is connected in both vlans.

Kind regards,
Maarten Vervoorn

2011/2/8 imran ali <immrccie_at_gmail.com>
> Thanks Carlos
>
> Great answer.
>
> can you kindly explain this.
>
> --> when PC B (VLAN 2) sends any traffic to PC A (vlan 1), the switch
> records the mac address in its cam table.
>
> when PC A sends any unicast traffic to PC B it will be sent directly to
> port connected to PC B and not to FW. The SW will end up sending traffic to
> port connected to PC B directly, as it has learned mac address from that
> port.
>
> thus bypassing the FW.??
>
>
> On Tue, Feb 8, 2011 at 2:19 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar>
> wrote:
>
> > Picture this:
> >
> > 1) Have a switch with 2 vlans, some hosts connected at vlan A and some
> > at vlan B. This is all that there is.
> >
> > Q: Can a host from vlan A talk to a host from vlan B ?
> > A: No!
> > (Do not follow if you do not agree)
> >
> > 2) Now get a cable (i.e. a cross patch), put one end on a vlan A port,
> > and the other at a vlan B port.
> >
> > Q: Can a host from vlan A talk to a host from vlan B ?
> > A: Yes!
> > (Do not follow if you do not agree)
> >
> > 3) Now replace the cable with an intelligent switch, that decides
> > packet by packet if it will let it go from one port to the other.
> > (e.g. an ASA in transparent mode)
> >
> > You can call vlan A the "inside", vlan B the "outside" and the ASA
> > is "the only door" to go from one side to the other.
> >
> > -Carlos
> >
> > imran ali @ 08/02/2011 05:31 -0300 dixit:
> >
> >> Hi group ,
> >>
> >> access pc's and servers are having ip addresses from a same subnet ie they
> >> are sharing same broadcast domain..
> >>
> >> now i need to implement transparent mode asa firewall.
> >>
> >> but on switch i need to define two different vlans one for access pc's and
> >> one for servers . just want to know the logic behind this .
> >>
> >> thanks
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> > --
> > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>
Received on Tue Feb 08 2011 - 13:03:32 ART
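
Added example, not part of the original thread: a small Python model of the per-VLAN CAM lookup described in Maarten's reply, showing why PC A's reply still crosses the firewall. Port names, MAC addresses and the always-permit firewall are constructed assumptions.

```python
# Constructed topology mirroring the thread: one switch, two VLANs, and a
# transparent firewall bridging them. Port names and MACs are made up.
PORT_VLAN = {"pcA": 1, "fw_in": 1, "pcB": 2, "fw_out": 2}
FW_PEER = {"fw_in": "fw_out", "fw_out": "fw_in"}  # the firewall's two legs
MAC_A, MAC_B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"


class Switch:
    def __init__(self):
        self.cam = {}        # (vlan, mac) -> port: entries are per VLAN
        self.inspected = []  # (src, dst) of every frame the firewall saw

    def forward(self, ingress, src, dst):
        """Learn src on the ingress port, return egress ports in that VLAN."""
        vlan = PORT_VLAN[ingress]
        self.cam[(vlan, src)] = ingress
        known = self.cam.get((vlan, dst))
        if known is not None:
            return [known]
        # Unknown unicast: flood, but only inside the ingress VLAN.
        return [p for p, v in PORT_VLAN.items() if v == vlan and p != ingress]

    def send(self, ingress, src, dst):
        """Return the host ports that finally receive the frame."""
        delivered = []
        for port in self.forward(ingress, src, dst):
            if port in FW_PEER:
                # Assumption: the firewall permits the frame and bridges it
                # to its other leg with the source MAC unchanged.
                self.inspected.append((src, dst))
                delivered += self.send(FW_PEER[port], src, dst)
            else:
                delivered.append(port)
        return delivered


def demo():
    sw = Switch()
    first = sw.send("pcB", MAC_B, MAC_A)  # PC B (vlan 2) -> PC A (vlan 1)
    reply = sw.send("pcA", MAC_A, MAC_B)  # PC A answers with unicast
    return sw, first, reply


if __name__ == "__main__":
    sw, first, reply = demo()
    print("first:", first, "reply:", reply)
    for key, port in sorted(sw.cam.items()):
        print(key, "->", port)
    print("frames seen by firewall:", sw.inspected)
```

In VLAN 1 the switch knows PC B's MAC only on the firewall-facing port, so the reply has no direct path to PC B's port in VLAN 2.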