Configuration steps
The following procedures show how to configure the multicast configuration settings for the devices in the example configuration.
Cisco_3750_1 router configuration
version 12.2
!
hostname Cisco-3750-1
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface Loopback0
ip address 169.254.100.1 255.255.255.255
!
interface FastEthernet1/0/23
switchport access vlan 182
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 172
switchport mode access
!
interface Vlan172
ip address 10.31.138.1 255.255.255.0
ip pim sparse-mode
ip igmp query-interval 125
ip mroute-cache distributed
!
interface Vlan182
ip address 169.254.82.250 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
ip classless
ip route 0.0.0.0 0.0.0.0 169.254.82.1
ip http server
ip pim rp-address 169.254.100.1 Source-RP
!
ip access-list standard Source-RP
permit 233.254.200.0 0.0.0.255
Cisco_3750_2 router configuration
version 12.2
!
hostname Cisco-3750-2
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet1/0/23
switchport access vlan 138
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 182
witchport mode access
!
interface Vlan138
ip address 10.31.138.250 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
interface Vlan182
ip address 169.254.82.1 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.31.138.253
ip route 169.254.100.1 255.255.255.255 169.254.82.250
ip http server
ip pim rp-address 169.254.100.1 Source-RP
!
!
ip access-list standard Source-RP
permit 233.254.200.0 0.0.0.255
To configure the FortiGate-800 unit
1. Configure the internal and external interfaces.
• Internal
Go to System > Network > Interfaces.
Select the internal interface
Verify the following settings:
Type: | Physical Interface |
Addressing mode: | Manual |
IP/Network Mask: | 10.31.138.253 255.255.255.0 |
Administrative Access: | PING |
Select OK
• External
Go to System > Network > Interfaces.
Select the external interface
Verify the following settings:
Type: | Physical Interface |
Addressing mode: | Manual |
IP/Network Mask: | 10.31.130.253 255.255.255.0 |
Administrative Access: | HTTPS and PING |
Select OK.
2. Add a firewall addresses.
Go to Firewall Objects > Address > Addresses.
• RP
Select Create New.
Use the following settings:
Category: | Address |
Name: | RP |
Type: | Subnet |
Subnet/IP Range: | 169.254.100.1/32 |
Interface: | Any |
Select OK.
• Multicast source subnet
Select Create New.
Use the following settings:
Category: | Address |
Name: | multicast_source_subnet |
Type: | Subnet |
Subnet/IP Range: | 169.254.82.0/24 |
Interface: | Any |
Select OK.
3. Add destination multicast address
Go to Firewall Objects > Address > Addresses.
Select Create New.
Use the following settings:
Category: | Multicast Address |
Name: | Multicast_stream |
Type: | Broadcast Subnet |
Broadcast Subnet: | 233.254.200.0/24 |
Interface: | Any |
Select OK.
4. Add standard security policies to allow traffic to reach the RP.
Go to Policy > Policy > Policy
• 1st policy
Select Create New
Use the following settings:
Policy Type: | Firewall |
Policy Subtype: | Address |
Incoming Interfac: | internal |
Source Address: | all |
Outgoing Interface: | external |
Destination Address: | RP |
Schedule: | always |
Service: | ALL |
Action: | ACCEPT |
Select OK.
• 2nd policy
Select Create New
Use the following settings:
Policy Type: | Firewall |
Policy Subtype: | Address |
Incoming Interfac: | external |
Source Address: | RP |
Outgoing Interface: | internal |
Destination Address: | all |
Schedule: | always |
Service: | ALL |
Action: | ACCEPT |
Select OK.
5. Add the multicast security policy.
Go to Policy > Policy > Multicast Policy
Select Create New
Use the following settings:
Incoming Interface: | external |
Source Address: | multicast_source_subnet |
Outgoing Interface: | internal |
Destination Address: | multicast_stream |
Protocol: | Any |
Action: | ACCEPT |
Select OK.
6. Add an access list. (CLI only)
config router access-list
edit Source-RP
config rule
edit 1
set prefix 233.254.200.0 255.255.255.0
set exact-match disable
next
end
7. Add some static routes.
Go to Router > Static > Static Routes.
• Route 1
Select Create New.
Use the following settings:
Destination IP/Mask: | 0.0.0.0/0.0.0.0 |
Device: | internal |
Gateway: | 10.31.130.250 |
Select OK.
• Route 2
Select Create New.
Use the following settings:
Destination IP/Mask: | 169.254.0.0/16 |
Device: | external |
Gateway: | 10.31.138.250 |
Select OK.
8. Configure multicast routing.
Go to Router > Dynamic > Multicast.
Add the following Static Rendezvous Point(s):
• 169.254.100.1
• Route 1
Select Create New.
Use the following settings:
Interface: | internal |
PIM Mode: | Sparse Mode |
DR Priority: | <not needed in this scenario> |
RP Candidate: | <not needed in this scenario> |
RP Candidate Priority: | <not needed in this scenario> |
Select OK.
• Route 2
Select Create New.
Use the following settings:
Interface: | external |
PIM Mode: | Sparse Mode |
DR Priority: | |
RP Candidate: | |
RP Candidate Priority: | |
Select OK.
Cisco_3750_3 router configuration
version 12.2
!
hostname Cisco-3750-3
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet1/0/23
switchport access vlan 128
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 130
switchport mode access
!
interface Vlan128
ip address 10.31.128.130 255.255.255.252
ip pim sparse-mode
ip mroute-cache distributed
!
interface Vlan130
ip address 10.31.130.250 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.31.130.1
ip http server
ip pim rp-address 169.254.100.1 Source-RP
!
!
ip access-list standard Source-RP
permit 233.254.200.0 0.0.0.255