Cisco Firewall :: ASA5520 - Stub Multicast Routing And Forwarding?

Jun 26, 2011

I can't seem to find where in ASDM (6.4.1), can we configure IGMP forwarding? ASA5520(config-if)# igmp forward interface outside The ASDM doc reference does not seem to be correct pointing to:configuring Stub Multicast Routing  

Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > Multicast > IGMP.
#Step 2 In the Multicast pane, check the Enable Multicast routing check box.
#Step 3 Choose MForwarding.
 
which generates:
 
ASA5520(config-if)# mfib forwarding

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: ASA5520 - Stub Multicast Router On ASA

May 28, 2008

I'm swapping out a PIX, IOS 6.3 with an ASA 5520 v8.  The PIX has the following 2 commands in it's config:
 
multicast interface outside
multicast interface inside
 
These commands do not exist on the ASA.  I do not wish to enable multicast routing.  What commands on the ASA are equivalent to the multicast commands on the PIX?

View 2 Replies View Related

Cisco Switching/Routing :: 3750x Stack - EIGRP Stub With Non-stub Neighbors

Sep 16, 2012

we have 5 sites connected with a combination of direct fiber and Service Provider Ethernet. The equipmet consists of 3750 stacks with IP Services. Currently each site runs full EIGRP and is a EIGRP neightbor to all the other sites. Everything is working fine right now.
 
We would like to upgrade the R5 site to a 3750x stack with IP Base (cheaper than IP Services) and configure it as EIGRP Stub. My concern is with the following statement in the IOS command reference guide. 

Note Multi-access interfaces, such as ATM, Ethernet, Frame Relay, ISDN PRI, and X.25, are supported by the EIGRP Stub Routing feature only when all routers on that interface, except the hub, are configured as stub routers.   

View 2 Replies View Related

Cisco Wireless :: WLC 2504 / 3750 - Multicast Stub And Apple TV

Dec 17, 2012

We are experiencing some issues with the Apple TV and WLC. We currently have a Apple TV and iPhone same sub net connecting via Lightweight AP (different sub net) which connects to a Cisco3750 running IP Base. This connects to WAN routers managed by third party over a WAN and connects to far end Managed routers, these connect to other Cisco3750 IP Base and onto a 2504 Wireless LAN controller. We have used the the following document for WLC configuration; [URL]
 
We turn on Multicast globally, with IGMP snooping enabled also enable Multicast Multicast under controller (only option available on 2504) and give the device  M Cast address 239.21.1.150 . The P2P blocking action is disabled. Going to Monitor Multicast we can see the Report for 224.0.0.251 and MGID. However the issue is at the Sender Receiver side the iPhone cannot see the Airplay on the iPhone that should be seen if the end to end stream is working. My focus is now on the Cisco3750's, although I do not totally understand why the device needs Multicast enabled as the Multicast Join and Group Traffic is encapsulated in the CAP WAP Tunnel is it not? Anyway I have enabled the only option "ip multicast routing distributed" and under the V LANs that connect to WLC and AP the only option available is the "ip pim passive" there is no "ip pim sparese-dense mode"
 
I am sure the WLC is configured correctly, but I suspect that this will not work due to the IP Base image on the 3750's not being able to run full multicast or we need to use uni cast for this solution that the 2504 does not support.

View 5 Replies View Related

Cisco Switching/Routing :: Configuration Multicast Packet Forwarding On 3750?

Mar 3, 2013

I have one server which run some application for wireless user. this server forward multicast  packet to wireless user. server and wlc physically connect to cisco 3750 switch.i want the server forward the multicast packet to wireless users.server access vlan 4.wlc controller have 2 vlan: 90 and 110.and wireless user some of vlan 90 and some of vlan 110.i enable igmp snooping on wireless controller. and enable globally command but it is not working.which additional configuration i need on cisco switch.
 
Switch(config)# ip igmp snooping

View 16 Replies View Related

Cisco Switching/Routing :: GNS3 - Stub Router Not Updating Routing Table - EIGRP

Nov 14, 2012

We have small which I'm looking to implement and have built this on GNS3.
 
We have:
 
Router A in site 1
Router B in site 2
Router C in site 3
 
Router A and B are connection via a point to point 100M link and from Router C we have a 2 point to point one of which is 5Mpbs and going to Router A and Router B.
 
For Router C to reach Router A network it will go via Router B and these are 100M connection. When the link between Router A and B goes down. Router C should update and start using the 5m route.
 
For some reson, the routes are not updating. I have to do 'clea ip eigrp ne' for the routes to update and if I reload the routers all works well, it seems the problem is intermittent.

View 13 Replies View Related

Cisco WAN :: Multicast Routing Between Vrf (Cat 3750) - Multicast Vpn Extranet?

Feb 19, 2013

I try to pass multicast traffic between two vrf on the same 3750 switch. I have IP services IOS and sdm template routing.
 
here is my config:
 
ip routing
!
ip vrf vpn2
rd 1:1
mdt default 232.1.1.1
route-target export 1:1
route-target import 1:1

[code]....
 
Now I'm stuck - I don't know what to do to pass multicast traffic. Do I have any chance to run this config on 3750 chassis?Perhaps "Configuring Multicast VPN Extranet Support" document will be useful, but it concerns Catalyst 6500? [URL]

View 0 Replies View Related

Cisco Firewall :: 5540 PIM Multicast Routing In ASA Scenario

Jun 19, 2011

We have an ASA-5540 (8.4(1))  The inside interface faces a few multicast receivers. The outside interface faces the multicast source.All of the ASA multicast documents I've download describe very simple network designs, such as a single segment on the ASA inside.Our PC hosts that will be multicast receivers are a couple router hops away from the ASA inside interface. I'm not sure what the best way is to configure multicast on the ASA.Should I configure the ASA with PIM routing and a static RP address (plus the ACL to allow the multicast source traffic in) since the receiver hosts are a couple hops away?  I think I understand the IGMP joins are for a local PIM router, so configuring as a Stub Multicast router wouldn't work? The two Cisco routers between the host and the inside ASA interface already have PIM, a static RP address, and IP PIM Spare-Mode configured.

View 1 Replies View Related

Cisco Firewall :: ASA5520 To ASA5520 Via L2L Tunnel

May 31, 2011

Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
 
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
 
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
 
My 2nd is that I have debug enabled on my rules but am not logging anything.

View 1 Replies View Related

D-Link DIR-655 :: Multicast (IPTV) Forwarding Broken In 1.21EU And 1.31EU

May 15, 2010

Upgrading the firmware from 1.11EU to 1.21EU and 1.31EU has introduced a problem with multicast (IPTV) streams. I have enabled multicast streams and it seems the router no longer forwards a specific address range, in my case 239.139.128.* on port 1234.

I have checked: Streaming from 233.81.233.* works in 1.11EU, 1.21EU and 1.31EUStreaming from 24.1.3.* works in 1.11EU, 1.21EU and 1.31EUStreaming from 239.139.128.* works only in 1.11EUUsing IGMP proxy on Linux I have checked the stream at 239.139.128.* are available as to be sure the DIR-655 is not forwarding them. I see a lot of forum messages stating IPTV streaming is broken since firmware 1.11. It is however working for me in 1.31EU but only for certain address ranges. Can anything be configured to allow 239.139.128.* to work? Because my TV provider uses the 239.139.128.* range for half the IPTV channels I need to get this working.

Related to this, is there page listing known bugs for the DIR-655 and roadmap for future firmware releases?

View 2 Replies View Related

Cisco Switching/Routing :: RV082 Firewall Multicast Pass Through

Feb 19, 2012

WAN1 <-> LAN traffic
WAN2 <-> LAN traffic
WAN1 <-> WAN2 traffic?
 
Say, it is set DISABLED, what is / isn't blocked?
 
It reads: Multicast Pass Through IP Multicasting occurs when a single data transmission is sent to multiple  recipients at the same time. Using this feature, the Router allows IP multicast  packets to be forwarded to the appropriate computers.

View 1 Replies View Related

Cisco Switching/Routing :: 3560 - Advertise Default Routes From EIGRP Stub?

Feb 13, 2013

I have a 3560 with IP base that is acting as a true EIGRP stub router today.  It advertises local routes to the upstream service provider router and receives a default route.
 
Now I want to connect a 3900 ISR as a voice gateway.  The 3560 does not seem to be advertising any routes to the 3900.  Ok the EIGRP stub doc says this:
 
Only specified routes are  propagated from the remote (stub) router. The router responds to queries  for summaries, connected routes, redistributed static routes, external  routes, and internal routes with the message "inaccessible." A router  that is configured as a stub will send a special peer information packet  to all neighboring routers to report its status as a stub router.
 
# Any neighbor that receives a packet informing it of the stub status will  not query the stub router for any routes, and a router that has a stub  peer will not query that peer. The stub router will depend on the  distribution router to send the proper updates to all peers.
 
I guess I don't understand why the stub advertises local routes to the upstream ISP router but does not seem to advertise routes to the 3900.  Does the stub identify the ISP router as the distribution router somehow, thus differentiating it from the 3900?  If so, how is this done?
 
show ip eigrp neighbor detail on the 3900:
 
EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
(sec)         (ms)       Cnt Num

[Code].....

View 4 Replies View Related

Cisco Switching/Routing :: 3560x - Running IP Services And Error When Disabling EIGRP Stub

Jan 15, 2013

I have A 3560x running 12.2(58)SE2 and jus tupgraded to IP services to allow Enhanced EIGRP as found on feature navigator. I need to run full EIGRP and disable Stub.
 
however, when I try to disable it, I get this error:
 
dist2-3560x(config-router)#do sho licenseIndex 1 Feature: ipservices            Period left: Life time        License Type: Permanent        License State: Active, In Use        License Priority: Medium        License Count: Non-Counted
Index 2 Feature: ipbase                 Period left: 0  minute  0  second  Index 3 Feature: lanbase                Period left: Life time        License Type: Permanent        License State: Active, Not in Use        License Priority: Medium        License Count: Non-Counted
dist2-3560x(config-router)#no eigrp stub connected summaryEIGRP is restricted to stub configurations only on this platform.
 
I have installed the license and rebooted. by all indications th elicense is installed and should allow for Full EIGRP routing.

View 2 Replies View Related

Cisco Firewall :: ASA5520 Routing Packets To Wrong Interface?

Apr 17, 2012

We have an ASA5520 running ver 7.0(8), nat-control is disabled. On the "outside" interface we have a closed network which is publicly addressed i.e. no access to Internet. We also have two Vlan interfaces on a trunk connection i.e. "inside" interface (Vlan7) and "dmz" interface (Vlan802). Traffic from the "outside" to "inside" is statically NAT'd such that the public IP is translated to a private IP when accessing the "inside" interface. However, our OSS servers on the "dmz" interface need to be able to receive packets from the public IP addresses on the "outside" . All is okay with the outside to inside traffic and traffic initiated from the OSS servers on the "dmz" to the outside works okay (snmp gets etc) i.e. the servers receive reply packets from the public addresses of the outside devices.
 
However, traffic that originates on the "outside" interface (snmp traps etc) which is destined for the "dmz" is actually being routed to the "inside" interface and therefore the public source address is being NAT'd by the static NAT command. The access-list "in_on_outside" has relevant entries to allow connectivity from outside to dmz, we have tried a static nat command (outside, dmz) to maintain the public addressing but this made no difference and also a nat exempt. With ########nat-control disabled - do I still need a translation or NAT exempt for the "outside" <> "dmz" traffic flow, if so how should this look ?

View 11 Replies View Related

Cisco Switching/Routing :: 3750 Switch - Eigrp Stub Static Redistributed Command Executable?

Feb 29, 2012

On 3750 switch with IOS c3750-ipbasek9-mz.122-55.SE4.bin  "eigrp stub static redistributed" command will be executable ?

View 1 Replies View Related

Cisco Firewall :: ASA5520 8.21 - Setup Routing For Non-contiguous Address Range?

Apr 13, 2011

ISP assigned us the following:xxx.yyy.zzz.32/30 as the outside interface network.This means .33 is the next hop, gateway, or default route.This means .34 is the outside interface on the ASA.xxx.yyy.zzz.64/26 as the ip address pool.This means xxx.yyy.zzz.65 to xxx.yyy.zzz.127 is the address pool.xxx.yyy.zzz is identical in all cases.Addresses .35 through .63 are owned by other parties and are not usable to us.The 33-34 setup works using static routing - IPSEC VPN is setup and functioning properly using these addresses.

[ie. Route outside 0.0.0.0 0.0.0.0 xxx.yyy.zzz.33] 
 
After NAT and ACL entries are created to provide altnernate external IP address on the outside interface [ie. static (inside,outside) [external ip] [name] netmask 255.255.255.255 and access-list [name2] extended permit tcp any host [alternate outside ip] eq https], attempting to browse to an internally hosted website from an external IP address results in the following messages in the ASDM log.
 
6 Apr 14 2011 17:58:51 110003 [redacted external IP Address] 37763 [Internal Website Name] 80 Routing failed to locate next hop for TCP from Outside:[redacted external IP Address]/37763 to Inside:[Internal Website Name]/80
 
How do I setup routing for this non contiguous address range?

View 4 Replies View Related

Cisco Firewall :: Forwarding Rule ASA5508 Choose While There Is Routing Exist And NAT

Nov 23, 2011

I have a ASA5508 running in 8.3(2) and without enable NAT. If I do a static network address translation for a inside address. any Implict rule in xlate?In another words, what is the forwarding rule ASA choose while there is routing exist and NAT? Do I need to setup bypassing NAT?

View 3 Replies View Related

Cisco Firewall :: ASA5520 Bypass All Network Through Firewall

Dec 22, 2011

With regarding to the firewall ASA5520, i'm using it in my network, all the confiuration are properly configured and working but with the use of proxy address in internet explorer(e.:206.53.155.129/3128) all the blocked contents as easily accessible simply it bypass all the network through firewall.so will u guide me to block the proxy servers.

View 1 Replies View Related

Cisco :: MP-BGP (and Not BGP) To Exchange Multicast Prefixes Between Multicast Domains?

Apr 18, 2012

Why do we need MP-BGP (and not BGP) to exchange multicast prefixes between multicast domains?

View 2 Replies View Related

Cisco WAN :: 3750 / EIGRP Stub At The Edge?

Apr 24, 2012

I am looking to implement 25 Cisco 3750 switches with IPBASE image at the edge, across many cabinets.  I understand I am limited to EIGRP Stub on the 3750 switches (with IPBase) and cannot acheive funding to upgrade to IPServices.  Though I am not fully aware on the limitations, in terms of what I am trying to acheive.
 
Broadly speaking I want to install 2 x 3750 switches at the edge, with point-to-point links to two 6500 core switches (at the data centre) and then have HSRP interfaces on the 3750's, tracking the up links to the core switches.  I am presuming this will be the best solution to ensure reliability.My 6500 switches run EIGRP and have many VLANs and other L3 networks advertised, which will need advertising to the 3750 switches.  I would be looking to advertise two or three HSRP networks on the 3750 switches, up to the core switches.At the moment, the entire network is Layer 2 (VLANS + STP).
 
how to configure EIGRP across the 3750 switches and 6500 switches to allow for the 3750's to see the whole network and also advertise back up it's directly connected (HSRP) networks to the core.  At the moment, after configuration, none of the switches see each other as EIGRP neighbours but can ping the L3 addresses on each end.

View 1 Replies View Related

Cisco Firewall :: Keep ASA5520 Firewall In Sync

Aug 22, 2011

I have two asa 5520 firewalls. one at my primary data center connected to our production Internet feed, and one at my fail over data center connected to a backup internet feed. I was wondering if there was an easy way to keep the firewall rules in sync between the two firewalls. We have failover with our isp that will move our public facing address block from our primary site to our dr site in the event of a disaster so the ip addresses will not change if we were to have to fail over to the DR site. currently i just have to do any changes that i make on the fail over server but would like a way to at least simi-automat this if not fully automat this so that i can eliminate the possibility of human error of a change happening at primary but never getting don at DR.

View 1 Replies View Related

Cisco Firewall :: ASA 5585-X Multicast Support?

Feb 23, 2011

Is it true, that the new ASA Platform 5585 does not support Multicast. Here on Page 7:[URL] because the old ASAs support Multicast.

View 2 Replies View Related

Cisco Switching/Routing :: 2821 Multicast Routing Relay Basic

Mar 12, 2013

I  start configuring Cisco 2821 router for multicast . First short  description and attached sheme explanation. Let we say  I have small  network with 100 users. One router and Cisco switch 3560. Two VLAN’s,  one for data another for multicast. Data from internet works fine but  now I want to connect multicast servers (or source of more multicast  streams) from another subnet. Router have three interfaces.I expect there should be no problems with multicast configuration, but unfortunately it is not like I expect. What I did ?

First step:  enable multicast routing

Second step: on both interfaces (Fe 0/1 and Fe 0/2)  - ip pim sparse-mode

Third step: configure switch that users are connected to access port in VLAN 222 (temporary to see if multicast work)
 
When  I start VLC on computer nothing happend. If I try to connect computer  on same subnet where is source of multicast streams it works fine.What  I am doing wrong ? Is there anything about routing ? All subnets are  directly connected. RP is not needed if I have one router or ?

View 11 Replies View Related

Cisco Switching/Routing :: 881W - IOS Port Forwarding Commands For Port Forwarding

Apr 7, 2013

I am trying to open up port 32400 on my 881w Cisco router but I have not had any success I need to configure manual port-forward to enable my Plex Media server.

View 1 Replies View Related

Cisco Switching/Routing :: How To Enable Multicast Routing On 2960s

Mar 23, 2013

I need to enable multicast routing on 2960s but the command "ip multicast-routing" isn't available on my release (12.2.(55)).
 
From which release this command is available?     

View 1 Replies View Related

Cisco Switching/Routing :: 6509 - Multicast Routing Preference

Nov 14, 2012

I have a problem on my catalyst 6509 on which I would like to do the following things :
 
I have some Vlans in which multicast is enabled.
In tose Vlan theres is a router which is default router for equipements.
 
I had enabled multicast routing because some Vlan needs to exchange multicast informations, but I wolud like to make difference between Multicast traffic. For example I have 5 vlans:
 
Vlan 1 and 2 need to exchange Multicast informations but the don't need multicast information from Vlan 3 and 4
Vlan 3 and 5 need to exchange Multicast informations but the don't need multicast information from Vlan 1 and 2
Vlan 5 is independant Vlan but doesn't need to have multicast information from all others vlan.
 
Last problem, equipement on differents vlan can use the same Mulkticast group address. In this case, Multicast routing is not working between Vlan 1 to Vlan 2 and Vlan 3 to Vlan 4.

View 6 Replies View Related

Cisco Switching/Routing :: 4506 / 6506 - Multicast Routing

Mar 8, 2013

I am configuring multicast in a environment where I have a 4506 at each site (4 total) and a 6506 as the core. Each 4506 is connected via layer 3 to the 6506. I have a mix of 3560s, 3548s, and 2960s connected to the 4506s and the 6506 via layer 2 trunk
 
I have multiple multicast sources and hosts communicating at a time (multiple cameras sending video / multiple computers receiving video).  So this is not a scenario where there is 1 sender and many receivers.  This would be many senders (~50) and some receivers (~10)
 
Sample Diagram:
 
->3560
|
6506 --> 4506 --> 3548
|   |
|    --> 2960
|
4506 --> 2960
|
-->3548
 
I configured ip multicast-routing on each of the 4506s and on the 6506. IGMP snooping is on by default on the 3560 and 2960 switches. CGMP is on by default on the 3548 switches.
 
I set up PIM sparse-dense mode and IGMP version 3 on each of the layer 3 interfaces for the 4506s and 6506 where they connect and on each VLAN that is sending or receiving multicast. Multicast is working throughout the network, however I am looking to verify the configuration as I scale this out to more clients on the network. 
 
#1 - Is it correct to us sparse-dense mode in this configuration?
 
#2 - Do I need to configure a rendezvous points using AUTO-RP? (ip pim send-rp-announce INTERFACE scope TTL). Not sure here if I need to designate this and what to choose.  Right now I do not have this and it is working, but documentation seems to infer that I need to designate this.
 
#3 - Is there any other configuration settings I should be considering?  I hard to find real world configurations of multicast as examples or people that know multicast routing well.

View 3 Replies View Related

Cisco Switching/Routing :: Test Multicast Routing With 1801?

Apr 29, 2012

I would like test multicast routing with cisco1801.i create 2 Vlan. Vlan 200 (192.168.200.x) affect Fastethernet 1,  Vlan 130  (192.168.130.x) Fastethernet 5.

Version IOS is : adipservice-k9 124-9.t1

 ip multicast-routing
 
#int Vlan 130
  ip address 192.168.130.254 255.255.255.0
  Ip pim dense-mode
#int Vlan 200
  Ip address 192.168.200.254 255.255.255.0
  Ip pim dense-mode
 
I used VLC for my test.When i connect source (224.10.10.10) and recever ( Udp://@224.10.10.10:1234), that's ok!But, source is on the Vlan 200 and reicever on the Vlan 130, is not good!I test with "sparse-mode", i have same problem.

View 2 Replies View Related

Cisco Switching/Routing :: 887 - IP Multicast Routing Between Subnets Same Router

Feb 21, 2013

I’ve been trying a few days now to implement multicast routing on my home network in order to make airplay work between subnets. Specifically between an iphone and a hifi separated by different vlans. Failed, as I have no experience in multicast routing. we have a clean configuration and simple network which consists of two SVIs

Vlan 10: 192.168.1.0 255.255.255.0
Vlan 20: 192.168.2.0 255.255.255.0
 
ios platform cisco 887

View 5 Replies View Related

Cisco Firewall :: 5540 - Multicast Over Lan To Lan Ipsec Tunnel

May 3, 2011

I need to configure multicast between 2 Csico 5540's lan to lan ipsec tunnel for a Voip application.

View 2 Replies View Related

Cisco Firewall :: Only One Internet IP Can Be Used In Asa5520?

Sep 25, 2011

I have a asa5520 with five Internet IP.One for the internet interface and the others are static maped to dmz hosts. It runs rightly until yesterday.Now it will lose the connection to the gateway many times everyday and the dmz hosts can not connect to internet any time. configuration(simplified):
 
!
interface GigabitEthernet0/0
nameif internet
security-level 0

[Code]....

I called ISP to check,when ISP clear their router's ARP, the asa will lose the connection at the same time and then the ISP's router couldn't learn the ASA's MAC. After I 'clear arp' manually,The ISP's router can learn the ASA's MAC and the connection recovered,but the DMZ's cann't access internet still (of course,There is no problem between DMZ and ASA ,I ping the internet gateway from DMZ host and can not get any reply.).

View 2 Replies View Related

Cisco Firewall :: Upgrade 8.2.2 On ASA5520?

Oct 3, 2011

We have 2 x ASA5520 and I upgraded this to 8.2.2 last year, I see 8.2.5 and now 8.4 is out.  If we are having no issues, is it best just to leave it as it is?  I can see a couple of features I may find useful in 8.2.5, but 8.4 seems like a huge jump and a risky one too.

View 1 Replies View Related

Cisco :: Firewall ASA5520 Is Very Slow

May 8, 2011

I have one firewall ASA5520, are very slow

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved