topic Re: Override BSR with static RP in Firepower possible? in Network Security

Override BSR with static RP in Firepower possible?

whowardctr — Wed, 07 Feb 2024 07:13:38 GMT

Have a pair of Firepower 2130 FTD's in HA, managed by Firepower Management Center. Is it possible to override the rp-mapping learned from the PIM bootstrap process with a static RP configuration?

I'm able to do it on the IOS, IOS XE, and NX-OS devices on the rest of the network with the ip pim rp-address [ip] [access-list] override command, but I can't seem to find a way to do it on the FTD's.

In the FMC, I have an RP configured with the "Use this RP for all Multicast Groups as specified below" with a standard ACL applied, but as soon as I allow bootstrap messages to reach the Firepower any established mroutes drop and I can't rejoin any of the streams.

I'll reconfigure if it's not possible, just wanted to see if I was missing anything.

Re: Override BSR with static RP in Firepower possible?

MHM Cisco World — Wed, 07 Feb 2024 12:34:29 GMT

If you have route-ftd-router and you want to pass multicast the only allow multicast dont need for ftd to run PIM for this traffic.

MHM

Re: Override BSR with static RP in Firepower possible?

whowardctr — Thu, 08 Feb 2024 00:54:39 GMT

Thanks for the reply. A little more info that I realize I should have added initially:

You are correct that it is router-ftd-router, however the ftd is in routed mode and each router is connected to the ftd in a different subnet, with OSPF handling the routes (we have multiple different routers/connections coming into the ftd externally). The routers are not PIM neighbors directly, they are neighbored to the ftd.

Considering that the ftd is routing the traffic between the zones, is it still the case that we can disable PIM?

Appreciate your help.