Cisco 300-710 Exam - Topic 8 Question 113 Discussion

Actual exam question for Cisco's 300-710 exam
Question #: 113
Topic #: 8

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

Suggested Answer: C

'In routed firewall mode, broadcast and multicast traffic is blocked even if you allow it in an access rule...' 'The bridge group does not pass CDP packets...' https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/configuration/general/asa-913-general-config/intro-fw.html

Passing Traffic Not Allowed in Routed Mode

In routed mode, some types of traffic cannot pass through the ASA even if you allow it in an access rule. The bridge group, however, can allow almost any traffic through using either an access rule (for IP traffic) or an EtherType rule (for non-IP traffic):

IP traffic: In routed firewall mode, broadcast and multicast traffic is blocked even if you allow it in an access rule, including unsupported dynamic routing protocols and DHCP (unless you configure DHCP relay). Within a bridge group, you can allow this traffic with an access rule (using an extended ACL).

Non-IP traffic: AppleTalk, IPX, BPDUs, and MPLS, for example, can be configured to go through using an EtherType rule.

Note: The bridge group does not pass CDP packets, or any packets that do not have a valid EtherType greater than or equal to 0x600. An exception is made for BPDUs and IS-IS, which are supported.


Contribute your Thoughts:

Cristina
3 months ago
Totally agree with going routed, that’s the way to go!
upvoted 0 times
Jacquline
3 months ago
Definitely not B, bridge groups won't fix this.
upvoted 0 times
Misty
3 months ago
I think creating a firewall rule for CDP traffic could help too.
upvoted 0 times
Lisha
3 months ago
You need to change the firewall mode to routed for multicast.
upvoted 0 times
Darrin
4 months ago
Wait, can you really use multicast in a bridge mode? Sounds off.
upvoted 0 times
Buddy
4 months ago
If I recall correctly, changing the firewall mode to routed could help with multicast issues, but I need to double-check that.
upvoted 0 times
Van
4 months ago
I'm a bit confused about the bridge groups. I thought they were supposed to help with traffic flow, but now I'm not so sure.
upvoted 0 times
Glendora
5 months ago
I think we practiced a similar question where we had to allow CDP traffic. Maybe option A is the answer?
upvoted 0 times
Erasmo
5 months ago
I remember that multicast traffic can be tricky in bridge mode, but I'm not sure if changing the mode is the right approach here.
upvoted 0 times
Tiffiny
5 months ago
I'm not entirely sure about this one. The question is a bit tricky, and I'm not familiar with the specifics of Cisco FTD configurations. I'll have to think it through carefully before making a decision.
upvoted 0 times
Paulene
5 months ago
I'm leaning towards option C, changing the firewall mode to transparent. That seems like the most logical solution to allow the bridge group functionality to work properly.
upvoted 0 times
Noel
5 months ago
Okay, let me think this through. Since they're using bridge groups, the firewall is likely in transparent mode already. So I'm thinking the answer is to create a bridge group with the firewall interfaces, as mentioned in option B.
upvoted 0 times
Malcom
5 months ago
Hmm, I'm a bit confused. The question says they can't use multicast, but option A mentions allowing CDP traffic. I'm not sure if that's the right approach here.
upvoted 0 times
Quentin
6 months ago
This one seems straightforward. I think the answer is to change the firewall mode to transparent, since the question mentions they're using bridge groups to pass traffic.
upvoted 0 times
Valentin
6 months ago
Hold up, why are they even using a Cisco FTD if they can't see their own Cisco devices? This sounds like a job for a magic eight ball, not a certification exam. I'm going with C just for the laughs.
upvoted 0 times
Aleshia
6 months ago
This is a tricky one. I'm going to have to go with D. Changing the firewall mode to routed would allow the FTD to use multicast, which they mentioned they're unable to do in their current setup.
upvoted 0 times
Naomi
2 months ago
I agree with D. Multicast needs routed mode for sure.
upvoted 0 times
Rosann
3 months ago
I’m leaning towards C. Transparent mode might solve the issue.
upvoted 0 times
Marsha
3 months ago
But what about A? Allowing CDP could help.
upvoted 0 times
Marta
4 months ago
I think D is the best choice too. Routed mode makes sense.
upvoted 0 times
Hermila
7 months ago
I disagree, I believe the answer is C) Change the firewall mode to transparent.
upvoted 0 times
Katy
8 months ago
I think the answer is B) Create a bridge group with the firewall interfaces.
upvoted 0 times
Amber
8 months ago
I'm not sure about this one. The question mentions that they're using bridge groups, so I'm inclined to go with B. Creating a bridge group with the firewall interfaces seems like the logical choice here.
upvoted 0 times
Jordan
8 months ago
Hmm, I think the answer is C. Changing the firewall mode to transparent would allow the FTD to pass the CDP traffic and see the neighboring Cisco devices.
upvoted 0 times