bvi and vlan traffic through router

Unanswered Question
Sep 25th, 2009

I have a 2811 router with a single BVI to a 2960 switch with 3 vlans. There is a transparent firewall on the 2811 router. Currently, traffic between 2 nodes on the same vlan segment traverses the transparent firewall causing latency. Is there a way to configure the vlan on the switch such that traffic will not be passed through the firewall when not leaving the vlan?

For example, a LAN-based Nessus scan of hosts on VLAN1 from a port on VLAN1 causes the utilization of the router memory and processor to go to 100%. Thanks,

Dave

John Blakley Fri, 09/25/2009 - 09:02

Are you running CBAC or a zone based firewall? Where is the policy for the firewall applied?

HTH,

John

ruessd-wawa Fri, 09/25/2009 - 09:11

Zone based firewall, policy is applied to the BVIs. Such as

policy-map type inspect BVI1
