Hello,

This is my first post so I apologize If I make some mistakes.

I would appreciate your help in this environment.

I attach a physical/logical diagram to clarify.

The "X" means 3, we have different systems which are the same but the second octect.

In this scenario, I have some different zones which have to work as source and as a receptor for multicast flows.

Everything works but RED Domain.

I mean, from a LAN on black domain (2960-XR)  and also connected to ESPINA network (asa 5545). Both as source or destination

I have a laptop connected to Vlan 30 (10.3.30.97) and another on WAN_1 (172.16.3.90).

I have to be able to receive and originate multicast traffic from some vlans on the red domain to a device on WAN_1.

I am using multicast hammer to make the tests, this is not in production yet (because of me).

All interfaces between devices are in pim sparse-mode.

Wan router is acting as RP for all of them.

Here is relevant config.

SW-RED-ISO10#
interface Vlan10
 description ATM_LAN1
 ip address 10.201.0.1 255.255.0.0
 ip pim sparse-mode
!
interface Vlan11
 description ATM_LAN2
 ip address 10.202.0.1 255.255.0.0
 ip pim sparse-mode
!
interface Vlan12
 description ATM_RED
 ip address 10.3.12.1 255.255.255.0
 ip pim sparse-mode
!
interface Vlan20
 description VCS_LAN
 ip address 10.3.20.1 255.255.255.0
 ip pim sparse-mode
!
interface Vlan30
 description SENSORS
 ip address 10.3.30.1 255.255.255.0
 ip pim sparse-mode
!
interface Vlan101
 description FW-RED
 ip address 172.16.3.14 255.255.255.248
 ip pim sparse-mode

ip pim rp-address 192.168.10.3
ip route 0.0.0.0 0.0.0.0 172.16.3.9



Router-WAN-3#
interface Loopback0
 description RP-Multicast
 ip address 192.168.10.3 255.255.255.255
 ip pim sparse-mode

interface Port-channel1
 description RED_TRANS_2
 ip address 172.16.3.41 255.255.255.248
 ip pim sparse-mode
 negotiation auto

interface GigabitEthernet0/0/2
 description External Agency
 ip address 172.16.3.89 255.255.255.248
 ip pim sparse-mode
 media-type rj45
 negotiation auto

ip route 10.3.0.0 255.255.0.0 172.16.3.46

ip route 172.16.3.0 255.255.255.0 172.16.3.46

ip pim rp-address 192.168.10.3

And here is the output of my tshoot session.

It seems that pim is enabled correctly.

Router-WAN-3#sh ip pim inter
Address          Interface                Ver/   Nbr    Query  DR         DR
                                          Mode   Count  Intvl  Prior
192.168.10.3     Loopback0                v2/S   0      30     1          192.168.10.3
172.16.3.41      Port-channel1            v2/S   1      30     1          172.16.3.46
172.16.3.89      GigabitEthernet0/0/2     v2/S   0      30     1          172.16.3.89
10.10.200.3      Vlan200                  v2/S   1      30     1          10.10.200.3

SW-RED-ISO10#sh ip pim interface
Address          Interface                Ver/   Nbr    Query  DR         DR
                                          Mode   Count  Intvl  Prior
10.201.0.1       Vlan10                   v2/S   0      30     1          10.201.0.1
10.202.0.1       Vlan11                   v2/S   0      30     1          10.202.0.1
10.3.12.1        Vlan12                   v2/S   0      30     1          0.0.0.0
10.3.20.1        Vlan20                   v2/S   0      30     1          10.3.20.1
10.3.30.1        Vlan30                   v2/S   1      30     1          10.3.30.2
172.16.3.14      Vlan101                  v2/S   1      30     1          172.16.3.14

SW-RED-ISO10#sh ip pim nei
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.3.30.2         Vlan30                   01:04:21/00:01:22 v2    1 / DR S P G
172.16.3.9        Vlan101                  01:09:27/00:01:41 v2    1 / G

Router-WAN-3#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable,
      L - DR Load-balancing Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
172.16.3.46       Port-channel1            00:46:14/00:01:42 v2    1 / DR S P G
10.10.200.1       Vlan200                  21:56:08/00:01:27 v2    1 / S P G

If I try to send traffic (pc on vlan 30 as server), it seems that register is successfull on SW-RED.

SW-RED-ISO10#sh ip mroute 239.4.52.44
(*, 239.4.52.44), 00:04:50/stopped, RP 192.168.10.3, flags: SP
  Incoming interface: Vlan101, RPF nbr 172.16.3.9
  Outgoing interface list: Null

(10.3.30.97, 239.4.52.44), 00:04:50/00:02:59, flags: PT
  Incoming interface: Vlan30, RPF nbr 0.0.0.0
  Outgoing interface list: Null

On WAN router, I can't see ip source of MC flow.

Router-WAN-3#sh ip mroute 239.4.52.44
(*, 239.4.52.44), 00:04:03/00:02:53, RP 192.168.10.3, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet0/0/2, Forward/Sparse, 00:00:06/00:02:53

Then, I try to use PC wan as source, and PC on LAN 30 as a client.

I see it ok on WAN router, but I don't receive traffic on pc on lan 30.

Router-WAN-3#sh ip mroute 239.4.52.44
(*, 239.4.52.44), 00:05:05/stopped, RP 192.168.10.3, flags: SJCF
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet0/0/2, Forward/Sparse, 00:01:08/00:02:58

(172.16.3.90, 239.4.52.44), 00:00:55/00:02:04, flags: PFT
  Incoming interface: GigabitEthernet0/0/2, RPF nbr 0.0.0.0
  Outgoing interface list: Null

As I said, we have this same scenario with other devices and other subnets and is working.

What I found out, is that I can't see SW RED sends PIM register to WAN router.

Here is the output of a working environment.

Router-WAN-1#debug ip pim 239.4.52.35
PIM debugging is on
Router-WAN-1#
2d04h: PIM(0): Check RP 192.168.10.1 into the (*, 239.4.52.35) entry
2d04h: PIM(0): Adding register decap tunnel (Tunnel1) as accepting interface of (*, 239.4.52.35).
2d04h: PIM(0): Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.35
Router-WAN-1#
2d04h: PIM(0): Building Periodic (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.35
Router-WAN-1#
2d04h: PIM(0): Received v2 Register on Port-channel1 from 172.16.1.14
2d04h:      for 10.1.30.97, group 239.4.52.35
2d04h: PIM(0): Adding register decap tunnel (Tunnel1) as accepting interface of (10.1.30.97, 239.4.52.35).
2d04h: PIM(0): Insert (10.1.30.97,239.4.52.35) join in nbr 172.16.1.46's queue
2d04h: PIM(0): Building Join/Prune packet for nbr 172.16.1.46
2d04h: PIM(0):  Adding v2 (10.1.30.97/32, 239.4.52.35), S-bit Join
2d04h: PIM(0): Send v2 join/prune to 172.16.1.46 (Port-channel1)
2d04h: PIM(0): Received v2 Register on Port-channel1 from 172.16.1.14
2d04h:      for 10.1.30.97, group 239.4.52.35
2d04h: PIM(0): Removing register decap tunnel (Tunnel1) as accepting interface of (10.1.30.97, 239.4.52.35).
2d04h: PIM(0): Installing Port-channel1 as accepting interface for (10.1.30.97, 239.4.52.35).
2d04h: PIM(0): Insert (10.1.30.97,239.4.52.35) join in nbr 172.16.1.46's queue
2d04h: PIM(0): Building Join/Prune packet for nbr 172.16.1.46
2d04h: PIM(0):  Adding v2 (10.1.30.97/32, 239.4.52.35), S-bit Join
2d04h: PIM(0): Send v2 join/prune to 172.16.1.46 (Port-channel1) (2 groups batched)
2d04h: PIM(0): Received v2 Register on Port-channel1 from 172.16.1.14
2d04h:      for 10.1.30.97, group 239.4.52.35
Router-WAN-1#
2d04h: PIM(0): Send v2 Register-Stop to 172.16.1.14 for 10.1.30.97, group 239.4.52.35
Router-WAN-1#
2d04h: PIM(0): Building Periodic (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.35
Router-WAN-1#

SW-RED-ISO10#
Jul 25 11:11:04.474: PIM(0): Check RP 192.168.10.1 into the (*, 239.4.52.35) entry
Jul 25 11:11:04.474: PIM(0): Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.35
Jul 25 11:11:04.474: PIM(0): Send v2 Register to 192.168.10.1 for 10.1.30.97, group 239.4.52.35
Jul 25 11:11:04.649: PIM(0): Received v2 Join/Prune on Vlan101 from 172.16.1.9, to us
Jul 25 11:11:04.652: PIM(0): Join-list: (10.1.30.97/32, 239.4.52.35), S-bit set
Jul 25 11:11:04.652: PIM(0): Add Vlan101/172.16.1.9 to (10.1.30.97, 239.4.52.35), Forward state, by PIM SG Join
Jul 25 11:11:04.963: PIM(0): Send v2 Register to 192.168.10.1 for 10.1.30.97, group 239.4.52.35
SW-RED-ISO10#
Jul 25 11:11:05.484: PIM(0): Send v2 Register to 192.168.10.1 for 10.1.30.97, group 239.4.52.35
Jul 25 11:11:05.488: PIM(0): Received v2 Register-Stop on Vlan101 from 192.168.10.1
Jul 25 11:11:05.488: PIM(0):   for source 10.1.30.97, group 239.4.52.35
Jul 25 11:11:05.488: PIM(0): Clear Registering flag to 192.168.10.1 for (10.1.30.97/32, 239.4.52.35)
SW-RED-ISO10#
Jul 25 11:12:02.859: PIM(0): Received v2 Join/Prune on Vlan101 from 172.16.1.9, to us
Jul 25 11:12:02.859: PIM(0): Join-list: (10.1.30.97/32, 239.4.52.35), S-bit set
Jul 25 11:12:02.859: PIM(0): Update Vlan101/172.16.1.9 to (10.1.30.97, 239.4.52.35), Forward state, by PIM SG Join
Jul 25 11:12:02.911: PIM(0): Building Periodic (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.35
SW-RED-ISO10#

On the other hand, in this same scenario (except some octect), I only get this.

Router-WAN-3#
2d04h: PIM(0): Check RP 192.168.10.3 into the (*, 239.4.52.41) entry
2d04h: PIM(0): Adding register decap tunnel (Tunnel1) as accepting interface of (*, 239.4.52.41).
2d04h: PIM(0): Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.41
Router-WAN-3#
2d04h: PIM(0): Building Periodic (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.41
Router-WAN-3#

SW-RED-ISO10#
Jul 25 11:55:59.524: PIM(0): Check RP 192.168.10.3 into the (*, 239.4.52.41) entry
Jul 25 11:55:59.524: PIM(0): Building Triggered (*,G) Join / (S,G,RP-bit) Prune message for 239.4.52.41

I am missing the PIM register from the SW to the router.

All intermediate firewalls have a permit any (I hope only temporary).

I'm sorry for all this big text, but I have no idea about the problem.

Any help would be so appreciated.

Thanks in advance.