12-28-2008 11:45 PM - edited 03-11-2019 07:30 AM
In case of multicasting it is mentioned that igmp join-group is used when the users(who need access to some multicast group) are not able to send the igmp join messages, then PIX firewall will join to the required multicast group on the behalf of those users.What that means?
Then how the PIX firewall will selectively forward the multicast traffic to these users.
Will it mean that the users who are not able to send igmp requests will not be able to send the igmp join requests even till PIX firewall OR will it mean that the PIX firewall will push the multicast traffic to the required users..but how the PIX firewall will know which users want multicast traffic until that users request reach the fiewall.
12-29-2008 08:13 AM
PIX Firewall software version 6.2 enables you to statically configure multicast routes or use an Internet Group Management Protocol (IGMP) helper address for forwarding IGMP reports and leave announcements.
This list summarizes multicast support in this release.
*
Access list filters can be applied to multicast traffic to permit or deny specific protocols and ports.
*
Network Address Translation (NAT) and Port Address Translation (PAT) can be performed on the multicast packet source addresses only.
*
Multicast data packets with destination addresses in the 224.0.0.0/24 address range are not forwarded. However, everything else in the 224.0.0.0/8 address range is forwarded.
*
IGMP packets for address groups within the 224.0.0.0 through 224.0.0.255 range are not forwarded because these addresses are reserved for protocol use.
*
NAT is not performed on IGMP packets. When IGMP forwarding is configured, the PIX forwards the IGMP packets (report and leave) with the IP address of the helper interface as the source IP address.
HTH>
12-29-2008 04:33 PM
Thanks for your reply
But I could not understand above in relation to igmp join-group command.
I understand that the users who can send their igmp request messages (through PIX FW) to the multicast source can join the multicast group and we can enable the igmp forward from one interface to another.But my question is about the users who cannot send the igmp query message to the multicast source.
12-30-2008 01:15 AM
That is a seperate question now, this is not related to the pix, now this is pointing to the client. More specifically the version of IGMP v2 has enhancements over v1 - including join, query and leaveing.
HTH>
12-30-2008 04:06 PM
No actually
I am not asking any question about igmp V1 or 2.But My query is (as one of the cisco document says):-
1. Some clients(users) can send the igmp join request to the multicast source (through PIX Firewall) and they will get the multicast.
2. But some clients cannot sent the igmp join requests ,for these clients PIX will join the multicast group on behalf of these clients and then forward the multicast to these clients.My Question is how the Firewll will select that which clients(the one for which PIX has join the multicast group on their behalf) want multicast traffic--because their may still be some clients which may not want multicast.--Then how the PIX will selectively send multicast to the one who require it.OR it is like this that PIX will send multicast to all the clients(except the clients who has already joined some multicast group as mentioned in Point No. 1).
12-31-2008 03:32 AM
Ahhhh now I understand what you mean. If a client does not know that it wants to recevie multicast traffic - then it does not recevie it. BUT if the PIX is configured IGMP/Multicasting, and it has a muticast group address it acts as a multicast proxy device. IF the PIX is connected to a cisco switch - if the switch is or is not not configured for multicasting it's simple. The switch treats all UNKNOWN multicast packets the same way as a broadcast packet - it sends all unknown multicast packets out all interfaces except the one it was recevied on.
HTH>
01-04-2009 07:20 PM
OK Thanks
01-05-2009 01:35 AM
np - glad to help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide