
Single VLAN Multicast through Diodes

sblakely
Level 1

I have a device that is sending data to another. It passes from the sender, through a one-way data diode, into a Cisco 6509, across a data trunk to a Juniper EX4300, then out and through another one-way data diode before finally getting to the receiver (see diagram). The route used to go through two EX4300s but we're working to convert from Juniper into Cisco. Now that the first 4300 has been replaced, the data no longer gets to the receiver.

Looking at Wireshark packet captures, the culprit is the 6509 which isn't forwarding the traffic along the trunk.

The sender sends UDP packets to the multicast address 231.1.10.144 which the receiver listens for.

The two access ports connected to the diodes use VLAN 204 which is also on the trunk between the two switches.

I cannot replace the 4300 at this time nor can I enable 2-way communication for either the source or receiver. That has to stay the same. As these devices are the only two on this VLAN, is there a way to force the 6509 to flood the multicast traffic across the VLAN by default? Or possibly another way to cause the multicast traffic to forward across the trunk and to the receiver?

1 Accepted Solution


NVM, it's working now. Originally I didn't have the VLAN 204 SVI but adding it in with the "no ip igmp snooping" added as well made the difference.


4 Replies

Ramblin Tech
Spotlight

The Cat 6500 will flood BUM traffic throughout a broadcast domain (VLAN) by default, no special config needed except proper L2 plumbing between ports. Can you post your port and VLAN configs, along with system particulars (Sup and linecard module models, IOS version), for the community to examine?

Disclaimer: I am long in CSCO

My instinct is that a multicast setting set up for another VLAN or globally is affecting the system, but I can't find anything obvious.

Regardless, VLAN, Port, System, and IOS details attached.


Torbjørn
Spotlight

As @Ramblin Tech mentioned, this should work out of the box, and I can't see anything in the config snippet that should prevent this traffic. Is IGMP snooping enabled globally? Can easily be verified with "show run | inc igmp snoop".

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev