
Multicast confusion. Audio works for some, but not others. Multicast Routing Issue?

Hey experts... I'm hoping that someone here can help me understand what the problem might be with our environment and multicast issues. I've read through dozens of threads here on the Cisco forum as well as Fortinet and others. I've tried everything I can think of with limited success. I'll do my best to include all of the information and config, but please let me know if you need something more. To be up front, this is my first experience with multicast/InformaCast and I'm self-taught via the web.

 

We are experiencing an issue where we are not able to receive multicast broadcasts (audio) from the server to the clients within a particular location. All unicast traffic is working fine and multicast broadcasts work fine within each network on either side of the firewall. However, some traffic is able to pass through the firewall without issue. Very strange to me. The InformaCast documentation suggests this is a multicast routing issue.

 

Attached is an image showing our topology. 

In the image you can see that the "client" PC is not able to receive audio broadcasts from the server. (red line)

However, all clients inside the firewall are able to send/receive multicast broadcasts from each other over several different VLANs without any issue. (green line) In addition, clients outside of the firewall are able to receive broadcasts from the server without any issue. To troubleshoot the issue I added a temporary "TEST PC" connected to the switch between the two firewalls. That PC between the two firewalls is able to send and receive broadcasts to/from both segments on either side of the firewalls. I can send/receive from both the server and the client to the Test PC without any issues.

 

So it would appear the firewalls are configured properly because the broadcasts are passing through from each side to the TEST PC; however, when I send a broadcast from the "SERVER", the "Client" does not receive it. I just can't understand why it's not working. The FortiGate 90d is configured with static routes (no dynamic routing enabled) and the multicast routing feature is disabled per their instructions. A multicast policy is enabled, which per Fortinet TAC should allow traffic to pass through. I have confirmed in my logs on the FortiGate that I'm seeing multicast traffic from both sides.

 

Here are the configs:

 

Switch A 2960:

no ip igmp snooping

 

interface GigabitEthernet1/0/19
description link to fortinet
switchport access vlan 3002
switchport mode access
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos voip cisco-phone
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

 

interface TenGigabitEthernet1/0/1
description UPLINK TO BCC
switchport trunk allowed vlan 2,118,3002
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
channel-group 2 mode active
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

 

Core 4510R:

ip multicast-routing

ip igmp snooping querier query-interval 125
ip igmp snooping querier timer expiry 255
ip igmp snooping querier
no ip igmp snooping

ip pim rp-address 10.222.255.224 1
ip pim rp-address 10.222.255.223 2

 

interface GigabitEthernet7/21
description -=-=- BCC 90d FW1 Int10 -=-=-
switchport access vlan 102

 

interface Vlan100
description -=-=- SERVER VLAN -=-=-
ip address 10.9.101.254 255.255.254.0
ip helper-address 10.9.100.70
ip helper-address 10.9.100.80
ip directed-broadcast
ip pim sparse-dense-mode
!

interface Vlan102
description -=-=- AUXILIARY SERVER VLAN - 1ST FLOOR -=-=-
ip address 10.9.102.254 255.255.255.0
ip helper-address 10.9.100.70
ip helper-address 10.9.100.80
ip pim sparse-dense-mode
ip igmp join-group 239.0.1.2
ip igmp query-interval 75

 

interface Vlan3002
ip address 10.222.2.33 255.255.255.0
ip pim sparse-dense-mode
ip igmp join-group 239.0.1.2
ip igmp query-interval 75
!

 

Switch B 2960:

no ip igmp snooping

 

interface TenGigabitEthernet1/1/1
description -=-=- PORTCHANNEL TO 4510R CORE -=-=-
switchport trunk native vlan 254
switchport mode trunk
channel-group 1 mode on

 

interface GigabitEthernet3/0/7
description -=-=- Data Center PC & VOIP Phone -=-=-
switchport access vlan 100
switchport mode access
switchport voice vlan 120
spanning-tree portfast

 

PIM Information from 4510R Core which handles all multicast routing inside the firewall.

 

CH-CORE#show ip pim neighbor
PIM Neighbor Table
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.222.2.4        Vlan102                  1w0d/00:01:29     v2    1 / S P G
10.222.2.3        Vlan102                  1w0d/00:01:20     v2    32768/ DR S P G
10.222.2.2        Vlan102                  1w0d/00:01:18     v2    1 / S P G

 

CH-CORE#show ip pim rp
Group: 233.89.188.1, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.0.1.2, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.255.255.254, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.255.255.253, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.255.255.251, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.255.255.250, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.255.255.246, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 239.255.219.45, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 224.131.82.145, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 224.0.1.1, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 224.0.1.60, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 224.0.1.40, RP: 10.222.255.224, uptime 2w6d, expires never
Group: 224.0.1.127, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27

 

CH-CORE#show ip pim autorp
AutoRP Information:
AutoRP is enabled.
RP Discovery packet MTU is 0.
224.0.1.40 is joined on Vlan102.

PIM AutoRP Statistics: Sent/Received
RP Announce: 0/0, RP Discovery: 0/17440

 

Obviously there's a ton of "show" commands I could include, but I'll wait for your request and return them asap.

 

Thank you in advance!

Josh B.

image.png

 

 

1 REPLY

Hi,

 

What is the TTL of the multicast stream from the server? Why do you have IGMP snooping disabled on your switches? Is multicast routing configured on CBB FW?

 

Thanks

John

**Please rate posts you find helpful**