Hey experts... I'm hoping that someone here can help me understand what the problem might be with our environment and multicast issues. I've read through dozens of threads here on the Cisco forum as well as Fortinet and others. I've tried everything I can think of with limited success. I'll do my best to include all of the information and config, but please let me know if you need something more. To be up front, this is my first experience with multicast/InformaCast and I'm self-taught via the web.
We are experiencing an issue where we are not able to receive multicast broadcasts (audio) from the server to the clients within a particular location. All unicast traffic is working fine and multicast broadcasts work fine within each network on either side of the firewall. However, some traffic is able to pass through the firewall without issue. Very strange to me. The InformaCast documentation suggests this is a multicast routing issue.
Attached is an image showing our topology.
In the image you can see that the "client" PC is not able to receive audio broadcasts from the server. (red line)
However, all clients inside the firewall are able to send/receive multicast broadcasts from each other over several different VLANs without any issue. (green line) In addition, clients outside of the firewall are able to receive broadcasts from the server without any issue. To troubleshoot the issue I added a temporary "TEST PC" connected to the switch between the two firewalls. That PC between the two firewalls is able to send and receive broadcasts to/from both segments on either side of the firewalls. I can send/receive from both the server and the client to the Test PC without any issues.
So it would appear the firewalls are configured properly because the broadcasts are passing through from each side to the TEST PC; however, when I send a broadcast from the "SERVER", the "Client" does not receive it. I just can't understand why it's not working. The FortiGate 90D is configured with static routes (no dynamic routing enabled) and the multicast routing feature is disabled per their instructions. A multicast policy is enabled, which per Fortinet TAC should allow traffic to pass through. I have confirmed in my logs on the FortiGate that I'm seeing multicast traffic from both sides.
Here are the configs:
Switch A 2960:
no ip igmp snooping
interface GigabitEthernet1/0/19
 description link to fortinet
 switchport access vlan 3002
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
interface TenGigabitEthernet1/0/1
 description UPLINK TO BCC
 switchport trunk allowed vlan 2,118,3002
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 channel-group 2 mode active
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
ip igmp snooping querier query-interval 125
ip igmp snooping querier timer expiry 255
ip igmp snooping querier
no ip igmp snooping
ip pim rp-address 10.222.255.224 1
ip pim rp-address 10.222.255.223 2
interface GigabitEthernet7/21
 description -=-=- BCC 90d FW1 Int10 -=-=-
 switchport access vlan 102
interface Vlan100
 description -=-=- SERVER VLAN -=-=-
 ip address 10.9.101.254 255.255.254.0
 ip helper-address 10.9.100.70
 ip helper-address 10.9.100.80
 ip directed-broadcast
 ip pim sparse-dense-mode
!
interface Vlan102
 description -=-=- AUXILIARY SERVER VLAN - 1ST FLOOR -=-=-
 ip address 10.9.102.254 255.255.255.0
 ip helper-address 10.9.100.70
 ip helper-address 10.9.100.80
 ip pim sparse-dense-mode
 ip igmp join-group 184.108.40.206
 ip igmp query-interval 75
interface Vlan3002
 ip address 10.222.2.33 255.255.255.0
 ip pim sparse-dense-mode
 ip igmp join-group 220.127.116.11
 ip igmp query-interval 75
!
Switch B 2960:
no ip igmp snooping
interface TenGigabitEthernet1/1/1
 description -=-=- PORTCHANNEL TO 4510R CORE -=-=-
 switchport trunk native vlan 254
 switchport mode trunk
 channel-group 1 mode on
interface GigabitEthernet3/0/7
 description -=-=- Data Center PC & VOIP Phone -=-=-
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 120
 spanning-tree portfast
PIM information from the 4510R Core, which handles all multicast routing inside the firewall:
CH-CORE#show ip pim neighbor
PIM Neighbor Table
Neighbor          Interface    Uptime/Expires    Ver   DR
Address                                                Prio/Mode
10.222.2.4        Vlan102      1w0d/00:01:29     v2    1 / S P G
10.222.2.3        Vlan102      1w0d/00:01:20     v2    32768/ DR S P G
10.222.2.2        Vlan102      1w0d/00:01:18     v2    1 / S P G
CH-CORE#show ip pim rp
Group: 18.104.22.168, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 22.214.171.124, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 126.96.36.199, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 188.8.131.52, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 184.108.40.206, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 220.127.116.11, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 18.104.22.168, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 22.214.171.124, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 126.96.36.199, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 188.8.131.52, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 184.108.40.206, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
Group: 220.127.116.11, RP: 10.222.255.224, uptime 2w6d, expires never
Group: 18.104.22.168, RP: 10.222.255.224, uptime 1w0d, expires 00:02:27
CH-CORE#show ip pim autorp
AutoRP Information:
  AutoRP is enabled.
  RP Discovery packet MTU is 0.
  22.214.171.124 is joined on Vlan102.
PIM AutoRP Statistics: Sent/Received
  RP Announce: 0/0, RP Discovery: 0/17440
Obviously there's a ton of "show" commands I could include, but I'll wait for your request and return them asap.
Thank you in advance!
I have a new Cisco 4431 ISR. It was purchased new with only one power supply.
I recently purchased a secondary power supply for reliability. I only want to use it for fault tolerance.
I followed the instructions to install and the unit shows a green light and the fan is working, but when I do the "show power" command it shows both power supplies, but the secondary power supply shows "zero watts".
Is this normal or did I get a bad power supply?
I'm guessing that maybe it only shows used wattage when it's actually in use and it's running idle because the other power supply is carrying the load.
I want to test, but this unit carries the entire traffic for our organization and would require an after-hours maintenance window.
Any insight? Is there a way to manually transfer power from one supply to the other for testing?