Multicast VLAN Registration and its effects on Firewalls
I'm trying to get an understanding of how MVR interacts with a firewall. We have an ASA device connected to a switch through a trunk.
Multicast traffic enters our network on the outside VLAN, which has a port on the switch. The traffic goes over the trunk, where the firewall does its ACL and packet inspection, etc. Once the traffic is in the network, it goes to the inside interface, which also happens to be on a separate VLAN on the switch, so the traffic ends up going back across the trunk.
We are seeing some packet loss on the trunk as a result of the volume of multicast traffic. When we enable mvr on the switch, the problem goes away. My concern is that by enabling mvr, we have bypassed the firewall somehow.
Can anyone confirm this or offer some insights?
We do use the mvr group command to limit mvr to only those multicast groups we want to receive, but I'm still not entirely clear on what it does vis-à-vis the firewall.