cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1315
Views
0
Helpful
7
Replies

enabling IP PIM / IGMP on trunk port-channel

afsharki2
Level 1
Level 1

Hello,

We have a mulcitast server that is firewalled but does not pass multicast traffic from the firewall to the n5k switch.  It only passes the mulitcast traffic when we take the multicast server off the firewall.  I'm presuming this is so becasue igmp/pim is not enabled on that port-channel trunk link between the fw and n5k switch.  How do I enable it?

 

Thank you

7 Replies 7

Francesco Molino
VIP Alumni
VIP Alumni
Hi

When you say if you take it off the fw it works. First, did you checked that igmp is enabled on the vlan that interconnects fw and your switch?

Have you validated that multicast traffic passes through firewall without being blocked?
What type of firewall do you have?
You can configure the firewall to connect to your rp outside of the firewall and then internal will be able to get this multicast traffic.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thanks for the response.  As far as the fw blocking multicast traffic, that's been verified that it does not.  yes, IGMP is enabled on that vlan that we are expecting to see the mcast traffic. 

What model of firewall do you have?
When issuing the show igmp groups, do you see something?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

It's a palo alto firewall.  When issuing that command, I don't see anything for that vlan. I think the reason I don't see anything is because that VLAN is not an svi defined vlan on that switch.  the scope/addresses is defined on that fw.

OK.
Here is PA doc took be able to forward the multicast traffic:
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Facilitate-Multicast-Routing-when-only-One-Palo-Alto/ta-p/53217

I'm not a PA expert but doing quite a lot of deployment and this doc works fine if you follow it step by step

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

yeah we did all that in the doc. 

Can you run a wireshark on PA to see if multicast traffic is received and forwarded back correctly?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: