04-05-2013 05:44 AM - edited 03-07-2019 12:39 PM
Hi.
Me and my friend is testing multicast with MSDP peers.
My friend has a Cisco 1841 and I have a Cisco 1812.
We are running a GRE-tunnel across the internet and both our routers are connected via static routes and OSPF and all is working fine.
We then configured MSDP Peers so we can use IP PIM sparse-mode (Not dense-mode).
This configuration is working awesome.
The problem started when I installed a Cisco 3560CG in my apartment behind my Cisco 1812.
Our configuration is like this:
Friends LAN > Cisco 1841 > GRE TUNNEL over INTERNET > Cisco 1812 > Cisco 3560CG.
Our goal is to use multicast through the network.
I think there is a simple command missing from the Cisco 3560CG or something.
Can someone help me out?
I will print the configuration of my Cisco 1812 and my Cisco 3560CG below starting with the router.
I have a dummy-switch connected to Vlan 10 that all my PCs is connected to. When it was connected directly to the router, multicast worked fine.
--------------------
Cisco 1812
--------------------
version 15.1
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname Cisco1812
!
boot-start-marker
boot system flash c181x-adventerprisek9-mz.151-4.M5.bin
boot-end-marker
!
!
logging buffered 256000
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login VPN_xauth_1 local
aaa authorization network VPN_authorization_GROUP_1 local
!
!
!
!
!
aaa session-id common
!
clock timezone UTC 1 0
clock summer-time SUMMERTIME recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-85261156
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-85261156
revocation-check none
rsakeypair TP-self-signed-85261156
!
!
crypto pki certificate chain TP-self-signed-85261156
certificate self-signed 01
CERTIFICATE_HERE
quit
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 10.10.5.1 10.10.5.20
ip dhcp excluded-address 10.10.10.1 10.10.10.20
!
!
!
ip cef
ip domain name ********.com
ip name-server 208.67.220.220
ip name-server 208.67.222.222
ip multicast-routing
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool IPv6-DHCP-POOL
prefix-delegation 2001:470:28:3B::/64 00030001001AE2C31712
dns-server 2620:0:CCC::2
dns-server 2620:0:CCD::2
!
!
multilink bundle-name authenticated
!
!
!
!
class-map match-any internet_access
match protocol skype
!
!
policy-map internet_access
class internet_access
set dscp ef
bandwidth percent 10
!
!
crypto ctcp
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
!
crypto isakmp client configuration group quadzero
key quadzero
dns 208.67.222.222 208.67.220.220
domain *********.com
pool VPNQUADZERO
save-password
include-local-lan
netmask 255.255.255.0
!
crypto isakmp client configuration group split
key split
dns 208.67.222.222 208.67.220.220
domain ********.com
pool VPNSPLIT
acl 100
save-password
netmask 255.255.255.0
crypto isakmp profile VPN_ISAKMP_PROFILE_1
match identity group quadzero
match identity group split
client authentication list VPN_xauth_1
isakmp authorization list VPN_authorization_GROUP_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set IPsec_VPN_Transformset esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VPN_IPsec_Profile_1
set transform-set IPsec_VPN_Transformset
set isakmp-profile VPN_ISAKMP_PROFILE_1
!
!
!
!
!
!
interface Loopback100
ip address 10.100.100.1 255.255.255.255
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:27:3B::2/64
ipv6 enable
tunnel source FastEthernet0
tunnel mode ipv6ip
tunnel destination 216.66.80.90
!
interface Tunnel1337
ip address 10.10.0.5 255.255.255.252
ip pim sparse-mode
tunnel source FastEthernet0
tunnel destination 217.210.9.19
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
description WAN
bandwidth 100000
ip address dhcp
no ip redirects
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
service-policy output internet_access
!
interface FastEthernet1
ip address 10.10.0.1 255.255.255.252
description LINK_BETWEEN_CISCO1812_AND_CISCO3560CG
ip pim sparse-mode
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address 2001:470:DE9E:1::1/64
ipv6 ospf 1 area 0
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
no ip address
spanning-tree portfast
!
interface FastEthernet5
no ip address
spanning-tree portfast
!
interface FastEthernet6
no ip address
spanning-tree portfast
!
interface FastEthernet7
switchport mode trunk
no ip address
!
interface FastEthernet8
switchport access vlan 5
no ip address
spanning-tree portfast
!
interface FastEthernet9
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN_IPsec_Profile_1
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
network 10.10.0.0 0.0.0.3 area 0
network 10.100.100.1 0.0.0.0 area 0
default-information originate
!
ip local pool VPNSPLIT 10.13.41.10 10.13.41.254
ip local pool VPNQUADZERO 10.13.40.10 10.13.40.254
no ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip pim rp-address 10.100.100.1
ip msdp peer 10.100.101.1 connect-source Loopback100
ip msdp peer 10.100.102.1 connect-source Loopback100
ip msdp cache-sa-state
ip msdp originator-id Loopback100
ip nat inside source list NAT interface FastEthernet0 overload
ip nat inside source static tcp 10.10.5.5 5000 interface FastEthernet0 5000
ip nat inside source static tcp 10.10.5.5 5001 interface FastEthernet0 5001
ip nat inside source static tcp 10.10.5.5 21 interface FastEthernet0 21
ip nat inside source static tcp 10.10.5.5 80 interface FastEthernet0 80
ip nat inside source static tcp 10.10.5.5 9090 interface FastEthernet0 9090
ip nat inside source static tcp 10.10.5.5 22 interface FastEthernet0 222
ip nat inside source static tcp 10.10.5.5 5006 interface FastEthernet0 5006
ip nat inside source static tcp 10.10.5.5 8080 interface FastEthernet0 8080
ip nat inside source static tcp 10.10.5.5 873 interface FastEthernet0 873
ip nat inside source static tcp 10.10.10.16 11155 interface FastEthernet0 11155
ip nat inside source static udp 10.10.10.16 11155 interface FastEthernet0 11155
ip nat inside source static tcp 10.10.10.16 11160 interface FastEthernet0 11160
ip nat inside source static udp 10.10.10.16 11160 interface FastEthernet0 11160
ip nat inside source static udp 10.10.5.5 9090 interface FastEthernet0 9090
ip route 10.0.1.0 255.255.255.0 Tunnel1337
ip route 10.100.101.1 255.255.255.255 Tunnel1337
ip route 0.0.0.0 0.0.0.0 dhcp 10
!
ip access-list extended NAT
permit ip 10.13.40.0 0.0.0.255 any
permit ip 10.13.41.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
permit ip 10.10.5.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.255 any
!
access-list 100 permit ip 10.13.37.0 0.0.0.255 any
access-list 100 permit ip 10.0.1.0 0.0.0.255 any
access-list 100 permit ip 10.0.0.0 0.0.0.3 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ipv6 route ::/0 Tunnel0
ipv6 router ospf 1
default-information originate
!
!
!
!
!
snmp-server community ******** RO
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 60 0
logging synchronous
transport input ssh
line vty 5 15
exec-timeout 60 0
logging synchronous
transport input ssh
!
end
--------------------------------
Cisco 3560CG
--------------------------------
Current configuration : 4831 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco3560CG
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
ip dhcp excluded-address 10.10.10.1 10.10.10.20
!
ip dhcp pool CLIENTS
network 10.10.10.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
domain-name ********.com
default-router 10.10.10.1
lease 0 6
!
ip dhcp pool SERVERS
network 10.10.5.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
domain-name ********.com
default-router 10.10.5.1
lease 0 6
!
!
ip domain-name yurezplace.com
ip multicast-routing distributed
ipv6 unicast-routing
!
!
crypto pki trustpoint TP-self-signed-503554176
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-503554176
revocation-check none
rsakeypair TP-self-signed-503554176
!
!
crypto pki certificate chain TP-self-signed-503554176
certificate self-signed 01
CERTIFICATE_HERE
quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ftp username admin
!
!
interface Loopback100
ip address 10.100.102.1 255.255.255.255
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
no switchport
ip address 10.10.0.2 255.255.255.252
ip pim sparse-mode
ipv6 address 2001:470:DE9E:1::2/64
ipv6 ospf 1 area 0
!
interface Vlan1
no ip address
shutdown
!
interface Vlan5
ip address 10.10.5.1 255.255.255.0
ip helper-address 10.10.0.1
ipv6 address 2001:470:DE9E:4::1/64
ipv6 ospf 1 area 0
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
ip helper-address 10.10.0.1
ipv6 address 2001:470:DE9E:A::1/64
ipv6 ospf 1 area 0
!
router ospf 1
log-adjacency-changes
network 10.10.0.0 0.0.0.3 area 0
network 10.10.5.0 0.0.0.255 area 0
network 10.10.10.0 0.0.0.255 area 0
network 10.100.102.1 0.0.0.0 area 0
!
ip classless
ip route 10.100.101.1 255.255.255.255 10.10.0.1
no ip http server
ip http secure-server
ip pim rp-address 10.100.102.1
ip pim ssm default
ip msdp peer 10.100.101.1 connect-source Loopback100
ip msdp peer 10.100.100.1 connect-source Loopback100
ip msdp cache-sa-state
ip msdp originator-id Loopback100
!
ip sla enable reaction-alerts
ipv6 router ospf 1
log-adjacency-changes
!
!
!
!
line con 0
exec-timeout 60 0
logging synchronous
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
line vty 5 15
exec-timeout 60 0
logging synchronous
login local
!
end
04-05-2013 05:53 AM
Hi,
What is the issue?
Is the 3560 working as a layer-2 switch?
If yes, try enabling IGMP and test again.
HTH
04-05-2013 05:59 AM
You now have the full explanation. I accidently pressed Enter so I didn't get the full text.
Cisco 1812 to Cisco 3560 is a Layer-3 connection and my two Vlans 5 and 10 is SVIs on the 3560.
I can't enable #ip pim sparse-mode on the physial interfaces on the 3560 that I can do on the router.
Do you have any suggestions?
04-05-2013 06:34 AM
I think, only layer-2 multicast is supported on your 8 port 3560 switch and not layer-3.
See data sheet:
HTH
04-05-2013 03:29 PM
Where does it says that multicast doesn't work with routed links? I can't find that kind of information..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide