Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
986
Views
0
Helpful
4
Replies

Need help with MSDP and Multicast on Cisco 3560

yurezplace
Level 1
Level 1

‎04-05-2013 05:44 AM - edited ‎03-07-2019 12:39 PM

Hi.

Me and my friend is testing multicast with MSDP peers.

My friend has a Cisco 1841 and I have a Cisco 1812.

We are running a GRE-tunnel across the internet and both our routers are connected via static routes and OSPF and all is working fine.

We then configured MSDP Peers so we can use IP PIM sparse-mode (Not dense-mode).

This configuration is working awesome.

The problem started when I installed a Cisco 3560CG in my apartment behind my Cisco 1812.

Our configuration is like this:

Friends LAN > Cisco 1841 > GRE TUNNEL over INTERNET > Cisco 1812 > Cisco 3560CG.

Our goal is to use multicast through the network.

I think there is a simple command missing from the Cisco 3560CG or something.

Can someone help me out?

I will print the configuration of my Cisco 1812 and my Cisco 3560CG below starting with the router.

I have a dummy-switch connected to Vlan 10 that all my PCs is connected to. When it was connected directly to the router, multicast worked fine. 

--------------------

Cisco 1812

--------------------

version 15.1

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname Cisco1812

!

boot-start-marker

boot system flash c181x-adventerprisek9-mz.151-4.M5.bin

boot-end-marker

!

!

logging buffered 256000

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login VPN_xauth_1 local

aaa authorization network VPN_authorization_GROUP_1 local

!

!

!

!

!

aaa session-id common

!

clock timezone UTC 1 0

clock summer-time SUMMERTIME recurring last Sun Mar 2:00 last Sun Oct 3:00

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-85261156

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-85261156

revocation-check none

rsakeypair TP-self-signed-85261156

!

!

crypto pki certificate chain TP-self-signed-85261156

certificate self-signed 01

CERTIFICATE_HERE

        quit

dot11 syslog

ip source-route

!

!

ip dhcp excluded-address 10.10.5.1 10.10.5.20

ip dhcp excluded-address 10.10.10.1 10.10.10.20

!

!

!

ip cef

ip domain name ********.com

ip name-server 208.67.220.220

ip name-server 208.67.222.222

ip multicast-routing

ipv6 unicast-routing

ipv6 cef

ipv6 dhcp pool IPv6-DHCP-POOL

prefix-delegation 2001:470:28:3B::/64 00030001001AE2C31712

dns-server 2620:0:CCC::2

dns-server 2620:0:CCD::2

!

!

multilink bundle-name authenticated

!

!

!

!

class-map match-any internet_access

match protocol skype

!

!

policy-map internet_access

class internet_access

  set dscp ef

  bandwidth percent 10

!

!

crypto ctcp

!

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 2

!

crypto isakmp client configuration group quadzero

key quadzero

dns 208.67.222.222 208.67.220.220

domain *********.com

pool VPNQUADZERO

save-password

include-local-lan

netmask 255.255.255.0

!

crypto isakmp client configuration group split

key split

dns 208.67.222.222 208.67.220.220

domain ********.com

pool VPNSPLIT

acl 100

save-password

netmask 255.255.255.0

crypto isakmp profile VPN_ISAKMP_PROFILE_1

   match identity group quadzero

   match identity group split

   client authentication list VPN_xauth_1

   isakmp authorization list VPN_authorization_GROUP_1

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set IPsec_VPN_Transformset esp-aes 256 esp-sha-hmac

!

crypto ipsec profile VPN_IPsec_Profile_1

set transform-set IPsec_VPN_Transformset

set isakmp-profile VPN_ISAKMP_PROFILE_1

!

!

!

!

!

!

interface Loopback100

ip address 10.100.100.1 255.255.255.255

!

interface Tunnel0

description Hurricane Electric IPv6 Tunnel Broker

no ip address

ipv6 address 2001:470:27:3B::2/64

ipv6 enable

tunnel source FastEthernet0

tunnel mode ipv6ip

tunnel destination 216.66.80.90

!

interface Tunnel1337

ip address 10.10.0.5 255.255.255.252

ip pim sparse-mode

tunnel source FastEthernet0

tunnel destination 217.210.9.19

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

interface FastEthernet0

description WAN

bandwidth 100000

ip address dhcp

no ip redirects

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

service-policy output internet_access

!

interface FastEthernet1

ip address 10.10.0.1 255.255.255.252

description LINK_BETWEEN_CISCO1812_AND_CISCO3560CG

ip pim sparse-mode

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

ipv6 address 2001:470:DE9E:1::1/64

ipv6 ospf 1 area 0

!

interface FastEthernet2

no ip address

spanning-tree portfast

!

interface FastEthernet3

no ip address

spanning-tree portfast

!

interface FastEthernet4

no ip address

spanning-tree portfast

!

interface FastEthernet5

no ip address

spanning-tree portfast

!

interface FastEthernet6

no ip address

spanning-tree portfast

!

interface FastEthernet7

switchport mode trunk

no ip address

!

interface FastEthernet8

switchport access vlan 5

no ip address

spanning-tree portfast

!

interface FastEthernet9

switchport access vlan 10

no ip address

spanning-tree portfast

!

interface Virtual-Template1 type tunnel

ip unnumbered FastEthernet0

ip nat inside

ip virtual-reassembly in

tunnel mode ipsec ipv4

tunnel protection ipsec profile VPN_IPsec_Profile_1

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

network 10.10.0.0 0.0.0.3 area 0

network 10.100.100.1 0.0.0.0 area 0

default-information originate

!

ip local pool VPNSPLIT 10.13.41.10 10.13.41.254

ip local pool VPNQUADZERO 10.13.40.10 10.13.40.254

no ip forward-protocol nd

no ip http server

ip http authentication local

ip http secure-server

!

!

ip dns server

ip pim rp-address 10.100.100.1

ip msdp peer 10.100.101.1 connect-source Loopback100

ip msdp peer 10.100.102.1 connect-source Loopback100

ip msdp cache-sa-state

ip msdp originator-id Loopback100

ip nat inside source list NAT interface FastEthernet0 overload

ip nat inside source static tcp 10.10.5.5 5000 interface FastEthernet0 5000

ip nat inside source static tcp 10.10.5.5 5001 interface FastEthernet0 5001

ip nat inside source static tcp 10.10.5.5 21 interface FastEthernet0 21

ip nat inside source static tcp 10.10.5.5 80 interface FastEthernet0 80

ip nat inside source static tcp 10.10.5.5 9090 interface FastEthernet0 9090

ip nat inside source static tcp 10.10.5.5 22 interface FastEthernet0 222

ip nat inside source static tcp 10.10.5.5 5006 interface FastEthernet0 5006

ip nat inside source static tcp 10.10.5.5 8080 interface FastEthernet0 8080

ip nat inside source static tcp 10.10.5.5 873 interface FastEthernet0 873

ip nat inside source static tcp 10.10.10.16 11155 interface FastEthernet0 11155

ip nat inside source static udp 10.10.10.16 11155 interface FastEthernet0 11155

ip nat inside source static tcp 10.10.10.16 11160 interface FastEthernet0 11160

ip nat inside source static udp 10.10.10.16 11160 interface FastEthernet0 11160

ip nat inside source static udp 10.10.5.5 9090 interface FastEthernet0 9090

ip route 10.0.1.0 255.255.255.0 Tunnel1337

ip route 10.100.101.1 255.255.255.255 Tunnel1337

ip route 0.0.0.0 0.0.0.0 dhcp 10

!

ip access-list extended NAT

permit ip 10.13.40.0 0.0.0.255 any

permit ip 10.13.41.0 0.0.0.255 any

permit ip 10.10.10.0 0.0.0.255 any

permit ip 10.10.5.0 0.0.0.255 any

permit ip 10.10.0.0 0.0.0.255 any

!

access-list 100 permit ip 10.13.37.0 0.0.0.255 any

access-list 100 permit ip 10.0.1.0 0.0.0.255 any

access-list 100 permit ip 10.0.0.0 0.0.0.3 any

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ipv6 route ::/0 Tunnel0

ipv6 router ospf 1

default-information originate

!

!

!

!

!

snmp-server community ******** RO

!

!

!

!

control-plane

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

exec-timeout 60 0

logging synchronous

transport input ssh

line vty 5 15

exec-timeout 60 0

logging synchronous

transport input ssh

!

end

--------------------------------

Cisco 3560CG

--------------------------------

Current configuration : 4831 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Cisco3560CG

!

boot-start-marker

boot-end-marker

!

!

!

!

no aaa new-model

system mtu routing 1500

ip routing

ip dhcp excluded-address 10.10.10.1 10.10.10.20

!

ip dhcp pool CLIENTS

   network 10.10.10.0 255.255.255.0

   dns-server 208.67.222.222 208.67.220.220

   domain-name ********.com

   default-router 10.10.10.1

   lease 0 6

!

ip dhcp pool SERVERS

   network 10.10.5.0 255.255.255.0

   dns-server 208.67.222.222 208.67.220.220

   domain-name ********.com

   default-router 10.10.5.1

   lease 0 6

!

!

ip domain-name yurezplace.com

ip multicast-routing distributed

ipv6 unicast-routing

!

!

crypto pki trustpoint TP-self-signed-503554176

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-503554176

revocation-check none

rsakeypair TP-self-signed-503554176

!

!

crypto pki certificate chain TP-self-signed-503554176

certificate self-signed 01

CERTIFICATE_HERE

  quit

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

ip ftp username admin

!

!

interface Loopback100

ip address 10.100.102.1 255.255.255.255

!

interface GigabitEthernet0/1

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/2

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/3

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/4

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/5

switchport access vlan 5

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/6

switchport access vlan 5

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/7

switchport access vlan 5

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/8

switchport access vlan 5

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

no switchport

ip address 10.10.0.2 255.255.255.252

ip pim sparse-mode

ipv6 address 2001:470:DE9E:1::2/64

ipv6 ospf 1 area 0

!

interface Vlan1

no ip address

shutdown

!

interface Vlan5

ip address 10.10.5.1 255.255.255.0

ip helper-address 10.10.0.1

ipv6 address 2001:470:DE9E:4::1/64

ipv6 ospf 1 area 0

!

interface Vlan10

ip address 10.10.10.1 255.255.255.0

ip helper-address 10.10.0.1

ipv6 address 2001:470:DE9E:A::1/64

ipv6 ospf 1 area 0

!

router ospf 1

log-adjacency-changes

network 10.10.0.0 0.0.0.3 area 0

network 10.10.5.0 0.0.0.255 area 0

network 10.10.10.0 0.0.0.255 area 0

network 10.100.102.1 0.0.0.0 area 0

!

ip classless

ip route 10.100.101.1 255.255.255.255 10.10.0.1

no ip http server

ip http secure-server

ip pim rp-address 10.100.102.1

ip pim ssm default

ip msdp peer 10.100.101.1 connect-source Loopback100

ip msdp peer 10.100.100.1 connect-source Loopback100

ip msdp cache-sa-state

ip msdp originator-id Loopback100

!

ip sla enable reaction-alerts

ipv6 router ospf 1

log-adjacency-changes

!

!

!

!

line con 0

exec-timeout 60 0

logging synchronous

line vty 0 4

exec-timeout 60 0

logging synchronous

login local

line vty 5 15

exec-timeout 60 0

logging synchronous

login local

!

end

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-05-2013 05:53 AM

Hi,

What is the issue?

Is the 3560 working as a layer-2 switch?

If yes, try enabling IGMP and test again.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swmcast.html

HTH

0 Helpful

yurezplace
Level 1
Level 1
In response to Reza Sharifi

‎04-05-2013 05:59 AM

You now have the full explanation. I accidently pressed Enter so I didn't get the full text.

Cisco 1812 to Cisco 3560 is a Layer-3 connection and my two Vlans 5 and 10 is SVIs on the 3560.

I can't enable #ip pim sparse-mode on the physial interfaces on the 3560 that I can do on the router.

Do you have any suggestions?

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to yurezplace

‎04-05-2013 06:34 AM

I think, only layer-2 multicast is supported on your 8 port 3560 switch and not layer-3.

See data sheet:

http://www.cisco.com/en/US/prod/collateral/switches/ps11527/ps11289/data_sheet_c78-639705_ps11290_Products_Data_Sheet.html

HTH

0 Helpful

yurezplace
Level 1
Level 1
In response to Reza Sharifi

‎04-05-2013 03:29 PM

Where does it says that multicast doesn't work with routed links? I can't find that kind of information..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card