Sunday, May 28, 2017

how to: Cisco ASA same security level + ACLs

By default, interfaces that share the same security level cannot communicate with each other. Permitting same-security traffic lets traffic flow freely between all interfaces at that level without an access-list.

To allow interfaces on the same security level to communicate with each other, enter the following command:
(config)#same-security-traffic permit inter-interface

But the question I had never asked myself is: what if we have two interfaces with the same security level, each with an ACL applied to it? Will traffic still flow freely after entering the command above? The answer is:

If you have "same-security-traffic permit inter-interface" configured, have two interfaces with the same "security-level" value, and have an "access-list" configured on both interfaces, then the ACLs will handle the decision of what traffic is allowed and what is not.

I found this answer right here, when I ran into this challenge of same security level and ACLs.
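Here is an added example configuration, not from the original post or the answer quoted above, that shows what this means in practice. The interface names, addresses, the security level of 50 and the ACL names are assumptions chosen for illustration.

```cisco
! Two interfaces on the same security level (level 50 and all names/addresses are assumptions)
interface GigabitEthernet0/1
 nameif dmz1
 security-level 50
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz2
 security-level 50
 ip address 10.2.2.1 255.255.255.0
!
! Without this line, dmz1 <-> dmz2 traffic is dropped no matter what the ACLs say
same-security-traffic permit inter-interface
!
! Once an ACL is bound to an interface, the implicit same-security permit is gone:
! only what the ACL permits passes, and the ACL ends with an implicit deny.
! The explicit "deny ip any any log" just makes the drops visible in the logs.
access-list DMZ1_IN extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq 443
access-list DMZ1_IN extended deny ip any any log
access-group DMZ1_IN in interface dmz1
!
access-list DMZ2_IN extended permit tcp 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 22
access-list DMZ2_IN extended deny ip any any log
access-group DMZ2_IN in interface dmz2
!
! Verify what the ASA actually decides (the ACL, not the security level):
!   packet-tracer input dmz1 tcp 10.1.1.10 12345 10.2.2.20 443   -> allowed by DMZ1_IN
!   packet-tracer input dmz1 tcp 10.1.1.10 12345 10.2.2.20 80    -> dropped (acl-drop)
!   show access-list DMZ1_IN                                      -> hit counts per entry
```

Two things worth keeping in mind when reading this. First, as soon as `access-group` binds an ACL to an interface, that interface's inbound traffic is judged by the ACL alone, so an ACL that forgets a flow silently denies it even though the interfaces are at the same level. Second, the ASA is stateful: the return packets of a connection permitted by DMZ1_IN do not need a matching entry in DMZ2_IN, so DMZ2_IN only has to list the connections that dmz2 hosts are allowed to initiate. `packet-tracer` is the quickest way to confirm which rule made the decision before you blame the security levels.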

Hope this will also help you.

