PIM snooping not working

Apr 2nd, 2008

I am trying to implement PIM snooping on a 6509 running 12.2-18-SXF11.

But it is not working.

My topo:

sender

|

|

router(RP)

|

|

6509--firewall2(standby)

| | |

| ha |

| | |

firewall1---switch1----receiver

I have enabled PIM snooping in the global config and under the VLAN interface.

!

no ip http server

ip pim snooping

no ip pim snooping dr-flood

!

!

!

interface Vlan601

no ip address

ip pim snooping

!

6509-c4-01#sh ip pim snoop

Global runtime mode: Enabled

Global admin mode : Enabled

SGR-Prune Suppression: Enabled

Number of user enabled VLANs: 1

User enabled VLANs: 601

6509-c4-01#sh ip pim snoop mr

Flags: J/P - (*,G) Join/Prune, j/p - (S,G) Join/Prune

SGR-P - (S,G,R) Prune

VLAN 601: 2 mroutes

(*, 239.0.0.5), 19:16:50/00:02:45

132.1.1.1->132.1.1.20, 19:16:50/00:02:45, J

Downstream ports: 3/3

Upstream ports: 3/2

Outgoing ports: 3/2 3/3

(132.1.1.20, 239.0.0.5), 19:16:50/00:02:45

132.1.1.1->132.1.1.20, 19:16:50/00:02:45, j

Downstream ports: 3/3

Upstream ports: 3/2

Outgoing ports: 3/2 3/3

6509-c4-01#

I want to prevent multicast traffic from being flooded to all ports in VLAN 601.

There are 3 ports in vlan 601

e3/2, e3/3 and 3/4.

But the 6509 switch is flooding the multicast feed to all 3 ports.

Is there any way to fix this?

Thanks!

John

Jon Marshall Wed, 04/02/2008 - 09:42

John

What devices are at the end of your 3 ports e3/2, e3/3 and 3/4? If they are servers/PCs then you need to use IGMP snooping, not PIM snooping. If they are routers, then have you enabled IGMP snooping?

"Note To use PIM snooping, you must enable IGMP snooping on the Catalyst 6500 series switch. IGMP snooping restricts multicast traffic that exits through the LAN ports to which hosts are connected. IGMP snooping does not restrict traffic that exits through the LAN ports to which one or more multicast routers are connected"

Full link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/snooppim.html

Jon

johnr1975 Wed, 04/02/2008 - 10:13

Jon,

Thanks for your response!

I understand IGMP snooping is enabled by default.

6509-c4-01#sh run | i igmp

6509-c4-01#

6509-c4-01#sh ip igmp snooping mrouter

vlan ports

-----+----------------------------------------

601 Fa3/2,Fa3/3

6509-c4-01#

3/2 connects to RP

3/3 connects to firewall1

3/4 connects to backup firewall2

So per the URL you mentioned, PIM snooping should block the multicast traffic on port 3/4.

Jon Marshall Wed, 04/02/2008 - 10:20

John

Apologies, meant to give you a link to IGMP.

Anyway, PIM snooping will not block traffic to a port with a firewall on it. You need IGMP snooping for that.

However, if you haven't enabled PIM on the VLAN 601 interface, and from your config it looks like it isn't, you need to either

1) enable PIM routing on vlan 601 interface

2) Enable the "igmp snooping querier" function on the 6500.

I would go with 2.

Edit - apologies, having a bad day with links today :-)

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/snooigmp.html#wp1050624

Jon

johnr1975 Wed, 04/02/2008 - 12:52

Jon,

PIM snoop was already enabled under VLAN601 (config is there in my initial email).

I think in this scenario the firewalls are equivalent to routers as the Netscreen firewalls are configured for IGMP and PIM.

The receiver (PC) is connected to the firewall.

When the IGMP join is sent by the receiver to the firewall, it will send the PIM join to the RP.

So when PIM snooping is enabled on the 6509 switch, it will "see" the PIM join from port 3/3 and detect the RP on port 3/2.

See below:

6509-c4-01#sh ip pim snoop

Global runtime mode: Enabled

Global admin mode : Enabled

SGR-Prune Suppression: Enabled

Number of user enabled VLANs: 1

User enabled VLANs: 601

6509-c4-01#sh ip pim snoop mr

Flags: J/P - (*,G) Join/Prune, j/p - (S,G) Join/Prune

SGR-P - (S,G,R) Prune

VLAN 601: 2 mroutes

(*, 239.0.0.5), 19:16:50/00:02:45

132.1.1.1->132.1.1.20, 19:16:50/00:02:45, J

Downstream ports: 3/3

Upstream ports: 3/2

Outgoing ports: 3/2 3/3

(132.1.1.20, 239.0.0.5), 19:16:50/00:02:45

132.1.1.1->132.1.1.20, 19:16:50/00:02:45, j

Downstream ports: 3/3

Upstream ports: 3/2

Outgoing ports: 3/2 3/3

But the switch is flooding the multicast on all the ports in the VLAN i.e. 3/4 as well.

I tried option 2 (IGMP querier) but even that didn't help.

Any clues what I am doing wrong?

Thanks!

John

Jon Marshall Thu, 04/03/2008 - 12:47

John

Can you post output of

"show ip igmp snooping mrouter vlan 601"

"sh ip igmp membership"

"sh ip igmp interface"

Can you also confirm that the Netscreens are using PIM v2, please?

Jon
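
As an added example (not part of any post in this thread, and not Cisco tooling): a Python parser for the `sh ip pim snoop mr` output posted above that lists, per group, the VLAN ports the snooping table does not name as outgoing, which is where a capture should show no traffic for that group. The function names and the hand-entered VLAN port list are assumptions of this example.

```python
import re

# Output copied from the thread's "sh ip pim snoop mr" (blank lines removed).
SAMPLE = """\
VLAN 601: 2 mroutes
(*, 239.0.0.5), 19:16:50/00:02:45
  132.1.1.1->132.1.1.20, 19:16:50/00:02:45, J
  Downstream ports: 3/3
  Upstream ports: 3/2
  Outgoing ports: 3/2 3/3
(132.1.1.20, 239.0.0.5), 19:16:50/00:02:45
  132.1.1.1->132.1.1.20, 19:16:50/00:02:45, j
  Downstream ports: 3/3
  Upstream ports: 3/2
  Outgoing ports: 3/2 3/3
"""

VLAN_RE = re.compile(r"^VLAN\s+(\d+):")
ENTRY_RE = re.compile(r"^\((\*|[\d.]+),\s*([\d.]+)\)")
PORTS_RE = re.compile(r"^(Downstream|Upstream|Outgoing) ports:\s*(.*)$")

def parse_snooping_mroutes(text):
    """Return {(vlan, source, group): {"Downstream": set, "Upstream": set, "Outgoing": set}}."""
    table, vlan, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VLAN_RE.match(line):
            vlan, key = int(m.group(1)), None
        elif m := ENTRY_RE.match(line):
            key = (vlan, m.group(1), m.group(2))
            table[key] = {"Downstream": set(), "Upstream": set(), "Outgoing": set()}
        elif (m := PORTS_RE.match(line)) and key is not None:
            table[key][m.group(1)].update(m.group(2).split())
    return table

def ports_expected_pruned(table, vlan_ports):
    """Per group, ports in the VLAN that no snooping entry lists as outgoing."""
    outgoing = {}
    for (vlan, _src, group), entry in table.items():
        outgoing.setdefault((vlan, group), set()).update(entry["Outgoing"])
    return {
        (vlan, group): sorted(set(vlan_ports.get(vlan, ())) - ports)
        for (vlan, group), ports in outgoing.items()
    }

if __name__ == "__main__":
    # VLAN 601 membership (3/2, 3/3, 3/4) is taken from the thread, typed in by hand.
    print(ports_expected_pruned(parse_snooping_mroutes(SAMPLE), {601: ["3/2", "3/3", "3/4"]}))
```

For the output in the thread this reports port 3/4 for group 239.0.0.5 in VLAN 601, matching the poster's expectation that the snooping state itself does not include 3/4.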
