[c-nsp] FWSM blocking multicast traffic between two hosts insameVlan?
David Prall
dcp at dcptech.com
Sun Sep 2 11:41:10 EDT 2007
Arie,
This is why it is required that multi svi be configured in order for this
configuration to be implemented. A good option when doing this is to use
vrf-lite, so that the inside and outside are different routing tables. Then
either static via the FWSM or a routing protocol across/with the FWSM can be
implemented. Both OSPF and BGP are now supported on the FWSM. And we now
support per vrf router-id.
David
--
http://dcp.dcptech.com
> -----Original Message-----
> From: Arie Vayner (avayner) [mailto:avayner at cisco.com]
> Sent: Sunday, September 02, 2007 4:18 AM
> To: David Prall; Joann Deng; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] FWSM blocking multicast traffic between
> two hosts insameVlan?
>
> David,
>
> It is possible to create an SVI ("vlan") interface on the
> "inside" VLAN
> of the FWSM, and configure IP functionality on this interface. This
> would enable the MSFC to be the PIM router, BUT would create a major
> backdoor, as hosts on the internal vlan would be reachable through the
> MSFC without going through the FWSM.
>
> This topology is actually possible to implement, and I have seen it
> being implemented for complex multicast solutions, but it has
> to be done
> only when you fully understand what you are doing, and assess all the
> risks.
> It's the kind of "Don't do it at home" kind of stuff...
>
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of David Prall
> Sent: Saturday, September 01, 2007 03:24 AM
> To: 'Joann Deng'; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] FWSM blocking multicast traffic between two hosts
> insameVlan?
>
> Is the FWSM your default gateway. If so you need something to
> act as the
> PIM Router in order for IGMP Snooping to work correctly. I'm
> not sure if
> the FWSM can do this. You could also configure your switch as an IGMP
> snooping queurier if no PIM Router is present.
>
> David
>
> --
> http://dcp.dcptech.com
>
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joann Deng
> > Sent: Friday, August 31, 2007 5:22 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] FWSM blocking multicast traffic between
> two hosts in
> > sameVlan?
> >
> > Hi,
> >
> > We have hosts in the same Vlan, which connects to FWSM
> (routed mode).
> > These two hosts run WebLogic, which uses multicast address
> > 237.155.155.2 to communicate.
> > But somehow, when run "ping 237.155.155.2" on one host, cannot see
> > response back from the other.
> > So, is it possible that FWSM is doing something fancy, like
> blocking
> > multicast traffic, and we need to add some configs?
> > Any input is highly appreciated.
> >
> > Thanks,
> >
> > Joann
> >
> >
> >
> > ______________________________________________________________
> > ______________________
> > Take the Internet to Go: Yahoo!Go puts the Internet in your
> > pocket: mail, news, photos & more.
> > http://mobile.yahoo.com/go?refer=1GNXIC
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list