bvi and vlan traffic through router

Unanswered Question
Sep 25th, 2009

I have a 2811 router with a single BVI to a 2960 switch with 3 vlans. There is a transparent firewall on the 2811 router. Currently, traffic between 2 nodes on the same vlan segment traverses the transparent firewall causing latency. Is there a way to configure the vlan on the switch such that traffic will not be passed through the firewall when not leaving the vlan?

For example, a LAN-based Nessus scan of hosts on VLAN1 from a port on VLAN1 causes the utilization of the router memory and processor to reach 100%. Thanks,


John Blakley Fri, 09/25/2009 - 09:02

Are you running CBAC or a zone based firewall? Where is the policy for the firewall applied?



ruessd-wawa Fri, 09/25/2009 - 09:11

Zone-based firewall; policy is applied to the BVIs, such as:

policy-map type inspect BVI1

