08-13-2007 04:04 AM - edited 03-11-2019 03:56 AM
HI,
I am testing my FWSM for Multicast support.
i have made a test set-up..
The Multicast sendor is in "inside"(VLAN 10) & reciever is in "outside"(VLAN 203).
Both the interfaces are not created on MSFC. its only L2 Vlan on 6509E switch.
I tried all my normal application works but multicast is not working though i have configured following on FWSM:
multicast-routing
interface Vlan10
nameif inside
security-level 100
ip address 5.5.5.3 255.255.255.0
igmp join-group 239.255.1.1
pim
interface Vlan203
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.0
igmp join-group 239.255.1.1
pim
access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 6.6.6.0 255.255.255.0 log debugging
access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 224.0.0.0 240.0.0.0 log debugging
access-list outside_access_in extended permit ip 6.6.6.0 255.255.255.0 5.5.5.0 255.255.255.0 log debugging
access-list outside_access_in extended permit ip 6.6.6.0 255.255.255.0 224.0.0.0 240.0.0.0 log debugging
static (inside,outside) 5.5.5.0 5.5.5.0 netmask 255.255.255.0
access-group ins_out in interface inside
access-group outside_access_in in interface outside
end
Please suggest the problem & workaround.
Thanks in advance!
regards
IMG
08-13-2007 04:09 AM
I am not getting any log on syslog related to igmp query & reponse neither any hit from sending host not receiving host.
Please suggest what is pending ?
Thanks
IMG
08-13-2007 12:38 PM
Which software version r u running?
08-13-2007 07:45 PM
FWSM Version 3.2
08-13-2007 10:52 PM
Hi.
I think the problem lies in the ACL. Please change the ACL so that it points to specific multicast address..
access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 host 239.255.1.1 log debugging
08-14-2007 01:40 AM
239.255.1.1 is the multicast address i am using..
08-14-2007 05:06 AM
I don't think the acl is the problem, 224.0.0.0/4 cover the 239.255.1.1.
What I'll try is just make sure that igmp is enable in the necessary interfaces but don't use the join option.
08-14-2007 05:16 AM
Thanks for replying!
I removed the igmp group command still not working :)
is there any thing i need to do on 6509 ?
note: there is no vlan interface on MSFC as these are L2 vlan on switch & SVI ips are used as Gateway for the computers's connected in these vlans.
please suggest !
Thanks in advance!
08-14-2007 06:11 AM
What is the output of
sh igmp groups
sh igmp interfaces
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: