Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2732
Views
0
Helpful
2
Replies

IP Multicast between VLANs via ASA 5540

micoogullari
Level 1
Level 1

‎07-16-2010 03:05 AM - edited ‎03-11-2019 11:12 AM

I am having problem with IP multicast in my environment. i have cisco 6500 core switch and cisco catalyst 3750 access switches. I am using all the switches as a layer 2. I have different VLANS and on the firewall i am having the subinterfaces for the VLANs.

The firewall VLANs interface  is the gateway for each VLAN and the firewall is doing all the routing.

on all the switches the ip igmp snooping is enabled.

on the firewall (ASA 5540) I enabled the IP multicast and IGMP / Multicast forwarding, PIM is enabled on all the interfaces/subinterfaces.

in all the 3750 switches if i run the command :

switch#sh ip igmp snooping querier

Vlan IP Address IGMP Version Port

-------------------------------------------------------------

2 10.2.0.1 v2 Po1

3 10.3.0.1 v2 Po1

4 10.4.0.1 v2 Po1

5 10.5.0.1 v2 Po1

6 10.6.0.1 v2 Po1

7 10.7.0.1 v2 Po1

these ip addresses are the vlan interfaces of the firewall.

I have the multicast source in Vlan 2 and i am able the see the multicast traffic from  that VLAN (Vlan2) without any problem. In addition to Vlan2  I am able the see the multicast traffic from one more VLAN but not from all the VLANs at the same time.

any idea?

Kind Regards,

mico

Labels:
0 Helpful
2 Replies 2

ian.vaughan
Level 1
Level 1

‎07-20-2010 01:36 PM

Hello,

Have you specifically allowed the return traffic?

Even with all of the IGMP settings and pim enabled properly there is one more thing to do...

Remember that multicast traffic isn't handled the same way as nice "stateful" unicast traffic by the firewall so returning traffic must be explictly allowed to return back to the originating server that hosts the multicast app otherwise it is dropped

Hope this helps.

Ian

0 Helpful

micoogullari
Level 1
Level 1
In response to ian.vaughan

‎07-26-2010 05:00 AM

Hi Ian,

thanks for your kind reply. on all the interfaces by using extended access lists i allowed all IP and igmp  traffic in both directions. but still no luck

i am able to establish mutlicast connection only from one VLAN at a time.  if i have connection from VLAN 3 then i am not able to have connection from VLAN 4 or 5.

if i establish the first connection from VLAN 4 for example  then  I am not able to connect from VLAN 3 or 5.

from all the VLANs i am able to connect to the  streaming server BUT not at the same time

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card