08-13-2007 07:13 AM
Hi,
I am testing multicasting on FWSM wherein sender is at inside (VLAN 10) & receiver is at outside (VLAN 203).
Both VLAN 10 & VLAN 203 are not on MSFC and they are L2 Vlan on 6500 switch.
please suggest what shall i do on FWSM and MSFC to configure multicast in above scenario....
please share any configuration if possible.
Thanks in Advance!
regards
IMG
08-17-2007 08:18 AM
Globally enable multicast (ip multicast-routing) , configure 'ip pim dense' on each mcast routing interface.
08-18-2007 04:23 AM
:
FWSM Version 3.1(3)
!
hostname FWSM
domain-name default.domain.invalid
multicast-routing
names
!
interface Vlan10
nameif inside
security-level 100
ip address 5.5.5.3 255.255.255.0
igmp join-group 239.255.1.1
!
interface Vlan203
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.0
igmp join-group 239.255.1.1
!
pim rp-address 6.6.6.1
ftp mode passive
access-list inside_access_outbound extended permit ip any host 239.255.1.1
access-list inside_access_outbound extended permit ip any any
access-list outside_access_inbound extended permit ip any host 239.255.1.1
access-list outside_access_inbound extended permit ip any any
pager lines 24
logging enable
logging console critical
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
nat-control
static (inside,outside) 5.5.5.0 5.5.5.0 netmask 255.255.255.0
access-group outside_access_inbound in interface outside
access-group inside_access_outbound in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 5.5.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect skinny
inspect smtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:fee421e7d7b4cd36df35048be9ad91e1
: end
FWSM#
FWSM#
FWSM#
08-18-2007 04:34 AM
FWSM# sh mroute
Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group,
C - Connected, L - Local, I - Received Source Specific Host Report,
P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,
J - Join SPT
Timers: Uptime/Expires
Interface state: Interface, State
(*, 239.255.1.1), 20:55:46/never, RP 6.6.6.1, flags: SCLJ
Incoming interface: Tunnel1
RPF nbr: 6.6.6.1
Outgoing interface list:
outside, Forward, 20:55:46/never
inside, Forward, 20:55:46/never
(*, 239.255.255.250), 00:01:47/never, RP 6.6.6.1, flags: SCJ
Incoming interface: Tunnel1
RPF nbr: 6.6.6.1
Outgoing interface list:
outside, Forward, 00:01:47/never
(6.6.6.10, 239.255.255.250), 20:43:23/00:03:06, flags: SFJT
Incoming interface: outside
RPF nbr: 6.6.6.10, Registering
Outgoing interface list:
Tunnel0, Forward, 20:43:23/never
FWSM# sh mroute
Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group,
C - Connected, L - Local, I - Received Source Specific Host Report,
P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,
J - Join SPT
Timers: Uptime/Expires
Interface state: Interface, State
(*, 239.255.1.1), 21:04:14/never, RP 6.6.6.1, flags: SCLJ
Incoming interface: Tunnel1
RPF nbr: 6.6.6.1
Outgoing interface list:
outside, Forward, 21:04:14/never
inside, Forward, 21:04:14/never
(*, 239.255.255.250), 00:10:15/never, RP 6.6.6.1, flags: SCJ
Incoming interface: Tunnel1
RPF nbr: 6.6.6.1
Outgoing interface list:
outside, Forward, 00:10:15/never
(6.6.6.10, 239.255.255.250), 20:51:51/00:03:08, flags: SFJT
Incoming interface: outside
RPF nbr: 6.6.6.10, Registering
Outgoing interface list:
Tunnel0, Forward, 20:51:51/never
FWSM# sh conn
2 in use, 0 most used
Network Processor 1 connections
TCP out 5.5.5.1:3386 in 5.5.5.3:443 idle 0:00:22 Bytes 21788 FLAGS - UBOI
TCP out 5.5.5.1:3388 in 5.5.5.3:443 idle 0:00:03 Bytes 68854 FLAGS - UBOI
Network Processor 2 connections
Multicast sessions:
Network Processor 1 connections
Network Processor 2 connections
IPv6 connections:
FWSM# sh pim neighbor
No neighbors found.
FWSM# sh igmp traffic
IGMP Traffic Counters
Elapsed time since counters cleared: 21:06:16
Received Sent
Valid IGMP Packets 57 2429
Queries 0 1218
Reports 57 1211
Leaves 0 0
Mtrace packets 0 0
DVMRP packets 0 0
PIM packets 0 0
Errors:
Malformed Packets 0
Martian source 0
Bad Checksums 0
FWSM# debug pim neighbor
IPv4 PIM neighbor debugging is on
FWSM# IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
un all
08-18-2007 04:37 AM
FWSM# debug pim interface inside
IPv4 PIM interface debugging is on
for interface inside
FWSM# debug pim interface inside outside
IPv4 PIM interface debugging is on
for interface outside
FWSM# debug pim interface outside debug igm
FWSM# debug igmp
IGMP debugging is on
FWSM# debug pim nei
FWSM# debug pim neighbor
IPv4 PIM neighbor debugging is on
FWSM# IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IGMP: Send v2 general Query on inside
IGMP: Received v2 Query on inside from 5.5.5.3
IGMP: Set query report delay timer to 2.63 seconds for 239.255.1.1 on inside
IGMP: Send v2 general Query on outside
IGMP: Received v2 Query on outside from 6.6.6.1
IGMP: Set query report delay timer to 8.571 seconds for 239.255.1.1 on outside
IGMP: Processing group timers for 239.255.1.1 on inside
IGMP: Send v2 Report for 239.255.1.1 on inside
IGMP: Received v2 Report on inside from 5.5.5.3 for 239.255.1.1
IGMP: Updating EXCLUDE group timer for 239.255.1.1
IGMP: Received v2 Report on outside from 6.6.6.10 for 239.255.1.1
IGMP: Cancel report for 239.255.1.1 on outside
IGMP: Updating EXCLUDE group timer for 239.255.1.1
IGMP: Received v2 Report on outside from 6.6.6.10 for 239.255.255.250
IGMP: Updating EXCLUDE group timer for 239.255.255.250
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IGMP: Send v2 general Query on inside
IGMP: Received v2 Query on inside from 5.5.5.3
IGMP: Set query report delay timer to 3.968 seconds for 239.255.1.1 on inside
IGMP: Send v2 general Query on outside
IGMP: Received v2 Query on outside from 6.6.6.1
IGMP: Set query report delay timer to 5.714 seconds for 239.255.1.1 on outside
IGMP: Processing group timers for 239.255.1.1 on inside
IGMP: Send v2 Report for 239.255.1.1 on inside
IGMP: Received v2 Report on inside from 5.5.5.3 for 239.255.1.1
IGMP: Updating EXCLUDE group timer for 239.255.1.1
IGMP: Received v2 Report on outside from 6.6.6.10 for 239.255.255.250
IGMP: Updating EXCLUDE group timer for 239.255.255.250
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IGMP: Processing group timers for 239.255.1.1 on outside
IGMP: Send v2 Report for 239.255.1.1 on outside
IGMP: Received v2 Report on outside from 6.6.6.1 for 239.255.1.1
IGMP: Updating EXCLUDE group timer for 239.255.1.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
IPv4 PIM: Sending Hello on outside
IPv4 PIM: Received Hello with holdtime 105 on outside from 6.6.6.1
IPv4 PIM: Sending Hello on inside
IPv4 PIM: Received Hello with holdtime 105 on inside from 5.5.5.3
FWSM#
FWSM#
FWSM# unde all
08-18-2007 04:38 AM
FWSM(config)# access-list captureacl permit permit ip any host 239.255.1.1
FWSM(config)# access-list captureacl permit ip any host 239.255.1.1
FWSM(config)# cap
FWSM(config)# capture capin apout int
FWSM(config)# capture capout interface ou
FWSM(config)# capture capout interface outside acc
FWSM(config)# capture capout interface outside access-list captureacl
FWSM(config)# capture capout interface outside access-list captureacl$tside access-list captureacl \\\ capture capout interface outside access-list captureacl\\\\\\\\ in int
FWSM(config)# capture capin interface ins
FWSM(config)# capture capin interface inside acc
FWSM(config)# capture capin interface inside access-list captureacl
FWSM(config)# show ca
FWSM(config)# show capture capin
8 packets captured
1: 06:43:41.267890470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
2: 06:43:42.267891470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
3: 06:43:43.267892470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
4: 06:43:44.267893470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
5: 06:43:45.267894470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
6: 06:43:46.267895470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
7: 06:43:47.267896470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
8: 06:43:48.267897470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
8 packets shown
FWSM(config)# show capture capin
14 packets captured
1: 06:43:41.267890470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
2: 06:43:42.267891470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
3: 06:43:43.267892470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
4: 06:43:44.267893470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
5: 06:43:45.267894470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
6: 06:43:46.267895470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
7: 06:43:47.267896470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
8: 06:43:48.267897470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
9: 06:43:49.267898470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
10: 06:43:50.267899470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
11: 06:43:51.267900470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
12: 06:43:52.267901470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
13: 06:43:53.267902470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
14: 06:43:54.267903470 802.1Q vlan#10 P0 5.5.5.1 > 239.255.1.1: ip-proto-255, length 256
14 packets shown
FWSM(config)# show capture capin pout
0 packet captured
0 packet shown
FWSM(config)# show capture capout
0 packet captured
0 packet shown
FWSM(config)# show capture capout
0 packet captured
08-18-2007 04:39 AM
i cant find Multicast traffic passing through FWSM ?
Can some help me ?
Thanks in advance!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide