FWSM

img · ‎08-13-2007

Hi,

I am testing multicasting on FWSM wherein sender is at inside (VLAN 10) & receiver is at outside (VLAN 203).

Both VLAN 10 & VLAN 203 are not on MSFC and they are L2 Vlan on 6500 switch.

please suggest what shall i do on FWSM and MSFC to configure multicast in above scenario....

please share any configuration if possible.

Thanks in Advance!

regards

IMG

ssoberlik · ‎08-17-2007

Globally enable multicast (ip multicast-routing) , configure 'ip pim dense' on each mcast routing interface.

img · ‎08-18-2007

:

FWSM Version 3.1(3)

!

hostname FWSM

domain-name default.domain.invalid

multicast-routing

names

!

interface Vlan10

nameif inside

security-level 100

ip address 5.5.5.3 255.255.255.0

igmp join-group 239.255.1.1

!

interface Vlan203

nameif outside

security-level 0

ip address 6.6.6.1 255.255.255.0

igmp join-group 239.255.1.1

!

pim rp-address 6.6.6.1

ftp mode passive

access-list inside_access_outbound extended permit ip any host 239.255.1.1

access-list inside_access_outbound extended permit ip any any

access-list outside_access_inbound extended permit ip any host 239.255.1.1

access-list outside_access_inbound extended permit ip any any

pager lines 24

logging enable

logging console critical

logging buffered debugging

logging asdm informational

mtu outside 1500

mtu inside 1500

no failover

icmp permit any outside

icmp permit any inside

no asdm history enable

arp timeout 14400

nat-control

static (inside,outside) 5.5.5.0 5.5.5.0 netmask 255.255.255.0

access-group outside_access_inbound in interface outside

access-group inside_access_outbound in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 5.5.5.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect skinny

inspect smtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:fee421e7d7b4cd36df35048be9ad91e1

: end

FWSM#

img · ‎08-18-2007

FWSM# sh mroute

Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group,

C - Connected, L - Local, I - Received Source Specific Host Report,

P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,

J - Join SPT

Timers: Uptime/Expires

Interface state: Interface, State

(*, 239.255.1.1), 20:55:46/never, RP 6.6.6.1, flags: SCLJ

Incoming interface: Tunnel1

RPF nbr: 6.6.6.1

Outgoing interface list:

outside, Forward, 20:55:46/never

inside, Forward, 20:55:46/never

(*, 239.255.255.250), 00:01:47/never, RP 6.6.6.1, flags: SCJ

Incoming interface: Tunnel1

RPF nbr: 6.6.6.1

Outgoing interface list:

outside, Forward, 00:01:47/never

(6.6.6.10, 239.255.255.250), 20:43:23/00:03:06, flags: SFJT

Incoming interface: outside

RPF nbr: 6.6.6.10, Registering

Outgoing interface list:

Tunnel0, Forward, 20:43:23/never

FWSM# sh mroute

Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group,

C - Connected, L - Local, I - Received Source Specific Host Report,

P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,

J - Join SPT

Timers: Uptime/Expires

Interface state: Interface, State

(*, 239.255.1.1), 21:04:14/never, RP 6.6.6.1, flags: SCLJ

Incoming interface: Tunnel1

RPF nbr: 6.6.6.1

Outgoing interface list:

outside, Forward, 21:04:14/never

inside, Forward, 21:04:14/never

(*, 239.255.255.250), 00:10:15/never, RP 6.6.6.1, flags: SCJ

Incoming interface: Tunnel1

RPF nbr: 6.6.6.1

Outgoing interface list:

outside, Forward, 00:10:15/never

(6.6.6.10, 239.255.255.250), 20:51:51/00:03:08, flags: SFJT

Incoming interface: outside

RPF nbr: 6.6.6.10, Registering

Outgoing interface list:

Tunnel0, Forward, 20:51:51/never

FWSM# sh conn

2 in use, 0 most used

Network Processor 1 connections

TCP out 5.5.5.1:3386 in 5.5.5.3:443 idle 0:00:22 Bytes 21788 FLAGS - UBOI

TCP out 5.5.5.1:3388 in 5.5.5.3:443 idle 0:00:03 Bytes 68854 FLAGS - UBOI

Network Processor 2 connections

Multicast sessions:

Network Processor 1 connections

Network Processor 2 connections

IPv6 connections:

FWSM# sh pim neighbor

No neighbors found.

FWSM# sh igmp traffic

IGMP Traffic Counters

Elapsed time since counters cleared: 21:06:16

Received Sent

Valid IGMP Packets 57 2429

Queries 0 1218

Reports 57 1211

Leaves 0 0

Mtrace packets 0 0

DVMRP packets 0 0

PIM packets 0 0

Errors:

Malformed Packets 0

Martian source 0

Bad Checksums 0

FWSM# debug pim neighbor

IPv4 PIM neighbor debugging is on

FWSM# IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

un all

img · ‎08-18-2007

FWSM# debug pim interface inside

IPv4 PIM interface debugging is on

for interface inside

FWSM# debug pim interface inside outside

IPv4 PIM interface debugging is on

for interface outside

FWSM# debug pim interface outside debug igm

FWSM# debug igmp

IGMP debugging is on

FWSM# debug pim nei

FWSM# debug pim neighbor

IPv4 PIM neighbor debugging is on

FWSM# IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IGMP: Send v2 general Query on inside

IGMP: Received v2 Query on inside from 5.5.5.3

IGMP: Set query report delay timer to 2.63 seconds for 239.255.1.1 on inside

IGMP: Send v2 general Query on outside

IGMP: Received v2 Query on outside from 6.6.6.1

IGMP: Set query report delay timer to 8.571 seconds for 239.255.1.1 on outside

IGMP: Processing group timers for 239.255.1.1 on inside

IGMP: Send v2 Report for 239.255.1.1 on inside

IGMP: Received v2 Report on inside from 5.5.5.3 for 239.255.1.1

IGMP: Updating EXCLUDE group timer for 239.255.1.1

IGMP: Received v2 Report on outside from 6.6.6.10 for 239.255.1.1

IGMP: Cancel report for 239.255.1.1 on outside

IGMP: Updating EXCLUDE group timer for 239.255.1.1

IGMP: Received v2 Report on outside from 6.6.6.10 for 239.255.255.250

IGMP: Updating EXCLUDE group timer for 239.255.255.250

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IGMP: Send v2 general Query on inside

IGMP: Received v2 Query on inside from 5.5.5.3

IGMP: Set query report delay timer to 3.968 seconds for 239.255.1.1 on inside

IGMP: Send v2 general Query on outside

IGMP: Received v2 Query on outside from 6.6.6.1

IGMP: Set query report delay timer to 5.714 seconds for 239.255.1.1 on outside

IGMP: Processing group timers for 239.255.1.1 on inside

IGMP: Send v2 Report for 239.255.1.1 on inside

IGMP: Received v2 Report on inside from 5.5.5.3 for 239.255.1.1

IGMP: Updating EXCLUDE group timer for 239.255.1.1

IGMP: Received v2 Report on outside from 6.6.6.10 for 239.255.255.250

IGMP: Updating EXCLUDE group timer for 239.255.255.250

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IGMP: Processing group timers for 239.255.1.1 on outside

IGMP: Send v2 Report for 239.255.1.1 on outside

IGMP: Received v2 Report on outside from 6.6.6.1 for 239.255.1.1

IGMP: Updating EXCLUDE group timer for 239.255.1.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

IPv4 PIM: Sending Hello on outside

IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1

IPv4 PIM: Sending Hello on inside

IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3

FWSM#

FWSM# unde all

img · ‎08-18-2007

FWSM(config)# access-list captureacl permit permit ip any host 239.255.1.1

FWSM(config)# access-list captureacl permit ip any host 239.255.1.1

FWSM(config)# cap

FWSM(config)# capture capin apout int

FWSM(config)# capture capout interface ou

FWSM(config)# capture capout interface outside acc

FWSM(config)# capture capout interface outside access-list captureacl

FWSM(config)# capture capout interface outside access-list captureacl$tside access-list captureacl \\\ capture capout interface outside access-list captureacl\\\\\\\\ in int

FWSM(config)# capture capin interface ins

FWSM(config)# capture capin interface inside acc

FWSM(config)# capture capin interface inside access-list captureacl

FWSM(config)# show ca

FWSM(config)# show capture capin

8 packets captured

1: 06:43:41.267890470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

2: 06:43:42.267891470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

3: 06:43:43.267892470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

4: 06:43:44.267893470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

5: 06:43:45.267894470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

6: 06:43:46.267895470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

7: 06:43:47.267896470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

8: 06:43:48.267897470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256

8 packets shown

FWSM(config)# show capture capin

14 packets captured