https://community.cisco.com/t5/network-security/warning-on-asa-when-multicast-is-enabled/m-p/3173922#M1066771 <P>I just activated multicast routing on a blank ASA and it warns with this message:</P><P><STRONG>WARNING: Interfaces part of explicit zone will not participate in multicast-routing</STRONG></P><P>&nbsp;</P><P>Could somebody clarify why it appears and what cisco means with explicit zone?</P><P>&nbsp;</P><P>Thanks,</P><P>Miquel</P> Fri, 21 Feb 2020 14:13:49 GMT msantiveri 2020-02-21T14:13:49Z https://community.cisco.com/t5/network-security/warning-on-asa-when-multicast-is-enabled/m-p/3173922#M1066771 <P>I just activated multicast routing on a blank ASA and it warns with this message:</P><P><STRONG>WARNING: Interfaces part of explicit zone will not participate in multicast-routing</STRONG></P><P>&nbsp;</P><P>Could somebody clarify why it appears and what cisco means with explicit zone?</P><P>&nbsp;</P><P>Thanks,</P><P>Miquel</P> Fri, 21 Feb 2020 14:13:49 GMT https://community.cisco.com/t5/network-security/warning-on-asa-when-multicast-is-enabled/m-p/3173922#M1066771 msantiveri 2020-02-21T14:13:49Z https://community.cisco.com/t5/network-security/warning-on-asa-when-multicast-is-enabled/m-p/3684107#M1066772 <P>I open a TAC case, and cisco responded that Multicast does not work on interfaces configured as part of a Traffic Zones. Since there is no written documentation of such restriction, I wanted to verify this and tried it on VIRL. As soon as I entered the "zone-member" command on the interface, then PIM was disabled on the interface. I have included show results before and after applying the zone to the interface.</P> <P>I hope this clarifies the warning message.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>VIRL-ASA(config-subif)# debug pim interface fl6</P> <P>VIRL-ASA(config-subif)# sh run interface GigabitEthernet0/2.300<BR />!<BR />interface GigabitEthernet0/2.300<BR /> description fl6<BR /> vlan 300<BR /> nameif fl6<BR /> security-level 90<BR /> ip address 3.3.3.254 255.255.255.0 <BR /> <BR />VIRL-ASA(config-subif)# sh pim interf</P> <P>Address Interface PIM Nbr Hello DR DR<BR /> Count Intvl Prior</P> <P>1.1.1.254 campus on 1 30 1 this system<BR />10.10.100.180 inside on 1 30 1 this system<BR />3.3.3.254 fl6 on 1 30 1 this system<BR />2.2.2.254 fusion on 0 30 1 this system</P> <P>VIRL-ASA(config-subif)# sh pim neigh</P> <P>Neighbor Address Interface Uptime Expires DR pri Bidir</P> <P>1.1.1.253 campus 00:24:18 00:01:20 1 <BR />10.10.100.80 inside 00:38:44 00:01:25 1 <BR />3.3.3.1 fl6 00:03:44 00:01:28 1</P> <P>&nbsp;</P> <P>VIRL-ASA(config-subif)# zone-member fl6</P> <P>&nbsp;</P> <P>!!!! debug showing that PIM was disabled for the interface. <BR />VIRL-ASA(config-subif)# IPv4 PIM: Interface fl6 disabled</P> <P>&nbsp;</P> <P>VIRL-ASA(config-subif)# sh run interface GigabitEthernet0/2.300<BR />!<BR />interface GigabitEthernet0/2.300<BR /> description fl6<BR /> vlan 300<BR /> nameif fl6<BR /> security-level 90<BR /> zone-member fl6<BR /> ip address 3.3.3.254 255.255.255.0 <BR /> <BR /> !!!! observe that now PIM is (off) in that interface <BR />VIRL-ASA(config-subif)# sh pim interf</P> <P>Address Interface PIM Nbr Hello DR DR<BR /> Count Intvl Prior</P> <P>1.1.1.254 campus on 1 30 1 this system<BR />10.10.100.180 inside on 1 30 1 this system<BR />3.3.3.254 fl6 <FONT color="#FF0000">off</FONT> 0 30 1 not elected<BR />2.2.2.254 fusion on 0 30 1 this system<BR />VIRL-ASA(config-subif)# sh pim neigh</P> <P>Neighbor Address Interface Uptime Expires DR pri Bidir</P> <P>1.1.1.253 campus 00:25:03 00:01:35 1 <BR />10.10.100.80 inside 00:39:29 00:01:39 1</P> <P><BR />VIRL-ASA(config-subif)# zone-member fl6<BR />VIRL-ASA(config-subif)# IPv4 PIM: Interface fl6 disabled</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 08 Aug 2018 13:24:19 GMT https://community.cisco.com/t5/network-security/warning-on-asa-when-multicast-is-enabled/m-p/3684107#M1066772 andres.sierra 2018-08-08T13:24:19Z