Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
4
Replies

Single VLAN Multicast through Diodes

Go to solution
sblakely
Level 1
Level 1

‎01-11-2024 12:27 PM

I have a device that is sending data to another. It passes from the sender, through a one-way data diode, into a Cisco 6509, accross a data trunk to a Juniper EX4300, then out and through another one-way data diode before finally getting to the receiver (see diagram). The route used to go through two EX4300's but we're working to convert from Juniper into Cisco. Now the the first 4300 has been replaced, the data no longer gets to the receiver.

Looking at wireshark packet captures, the culprit is the 6509 which isn't forwarding the traffic along the trunk.

The sender sends UDP packets to the multicast address 231.1.10.144 which the receiver listens for.

The two access ports connected to the diodes use VLAN 204 which is also on the trunk between the two switches.

I cannot replace the 4300 at this time nor can I enable 2-way communication for either the source or receiver. That has to stay the same. As these devices are the only two on this VLAN, is there a way to force the 6509 to flood the multicast traffic accross the VLAN by default? Or possibly another way to cause the multicast traffic to forward accross the trunk and to the receiver?

Labels:
Preview file
41 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sblakely
Level 1
Level 1
In response to sblakely

‎01-12-2024 11:32 AM

NVM, It's working now. Originally I didn't have the VLAN 204 SVI but adding it in with the "no ip igmp snooping" added as well made the difference.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ramblin Tech
Spotlight
Spotlight

‎01-11-2024 01:19 PM

The Cat 6500 will flood BUM traffic throughout a broadcast domain (VLAN) by default, no special config needed except proper L2 plumbing between ports. Can you post your port and vlan configs, along with system particulars(Sup and linecard module models, IOS version), for the community to examine?

Disclaimer: I am long in CSCO
0 Helpful

Go to solution
sblakely
Level 1
Level 1
In response to Ramblin Tech

‎01-12-2024 10:16 AM

My instinct is that a multicast setting set up for another VLAN or globally is affecting the system but I can't find anything obvious.

Regardless, VLAN, Port, System, and IOS details attached.

Preview file
6 KB
0 Helpful

Go to solution
sblakely
Level 1
Level 1
In response to sblakely

‎01-12-2024 11:32 AM

NVM, It's working now. Originally I didn't have the VLAN 204 SVI but adding it in with the "no ip igmp snooping" added as well made the difference.

0 Helpful

Go to solution
Torbjørn
Spotlight
Spotlight

‎01-12-2024 11:30 AM

As @Ramblin Tech mentioned this should work out of the box, and I can't see anything in the config snippet that should prevent this traffic. Is IGMP snooping enabled globally? Can easily be verified with show run | inc igmp snoop

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful
Customers Also Viewed These Support Documents