cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
807
Views
0
Helpful
8
Replies

Multicast on FWSM

img
Level 1
Level 1

HI,

I am testing my FWSM for Multicast support.

i have made a test set-up..

The Multicast sendor is in "inside"(VLAN 10) & reciever is in "outside"(VLAN 203).

Both the interfaces are not created on MSFC. its only L2 Vlan on 6509E switch.

I tried all my normal application works but multicast is not working though i have configured following on FWSM:

multicast-routing

interface Vlan10

nameif inside

security-level 100

ip address 5.5.5.3 255.255.255.0

igmp join-group 239.255.1.1

pim

interface Vlan203

nameif outside

security-level 0

ip address 6.6.6.1 255.255.255.0

igmp join-group 239.255.1.1

pim

access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 6.6.6.0 255.255.255.0 log debugging

access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 224.0.0.0 240.0.0.0 log debugging

access-list outside_access_in extended permit ip 6.6.6.0 255.255.255.0 5.5.5.0 255.255.255.0 log debugging

access-list outside_access_in extended permit ip 6.6.6.0 255.255.255.0 224.0.0.0 240.0.0.0 log debugging

static (inside,outside) 5.5.5.0 5.5.5.0 netmask 255.255.255.0

access-group ins_out in interface inside

access-group outside_access_in in interface outside

end

Please suggest the problem & workaround.

Thanks in advance!

regards

IMG

8 Replies 8

img
Level 1
Level 1

I am not getting any log on syslog related to igmp query & reponse neither any hit from sending host not receiving host.

Please suggest what is pending ?

Thanks

IMG

Which software version r u running?

FWSM Version 3.2

zubairjalal
Level 1
Level 1

Hi.

I think the problem lies in the ACL. Please change the ACL so that it points to specific multicast address..

access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 host 239.255.1.1 log debugging

239.255.1.1 is the multicast address i am using..

I don't think the acl is the problem, 224.0.0.0/4 cover the 239.255.1.1.

What I'll try is just make sure that igmp is enable in the necessary interfaces but don't use the join option.

Thanks for replying!

I removed the igmp group command still not working :)

is there any thing i need to do on 6509 ?

note: there is no vlan interface on MSFC as these are L2 vlan on switch & SVI ips are used as Gateway for the computers's connected in these vlans.

please suggest !

Thanks in advance!

What is the output of

sh igmp groups

sh igmp interfaces

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: