Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Multicast VLAN Registration and its effects on Firewalls

I'm trying to get an understanding of how MVR interacts with a firewal.  We have an ASA device connected to a switch through a trunk.

Multicast traffic enters our network on the outside VLAN, which has a port on the switch.  The traffic goes over the trunk, where the firewall does its ACL and packet inspection, etc.. Once the traffic is in the network, it goes to the inside interface, which also happens to be on a separate VLAN on the switch, so the traffic ends up going back across the trunk.

We are seeing some packet loss on the trunk as a result of the volume of multicast traffic.  When we enable mvr on the switch, the problem goes away.  My concern is that by enabling mvr, we have bypassed the firewall somehow.

Can anyone confirm this or offer some insights?

We do use the mvr group command to limit mvr to only those multicast groups we want to receive, but I'm still not entirely clear on what it does vis a vis the firewall.

Thanks in advance.

351
Views
0
Helpful
0
Replies
CreatePlease to create content