Handbook

Example FortiGate PIM-SM configuration using a static RP

6.0.0

The example Protocol Independent Multicast Sparse Mode (PIM-SM) configuration shown below has been tested for multicast interoperability using PIM-SM between Cisco 3750 switches running 12.2 and a FortiGate-800 running FortiOS v3.0 MR5 patch 1. In this configuration, the receiver receives the multicast stream when it joins the group 233.254.200.1.

Example: FortiGate PIM-SM topology

The configuration uses a statically configured rendezvous point (RP) that resides on Cisco_3750_1. Using a bootstrap router (BSR) wasn't tested in this example. See “Example PIM configuration that uses BSR to find the RP” for an example that uses a BSR.

Configuration steps

The following procedures show how to configure the multicast settings for each device in the example configuration.

  • Cisco_3750_1 router configuration
  • Cisco_3750_2 router configuration
  • To configure the FortiGate-800 unit
  • Cisco_3750_3 router configuration

Cisco_3750_1 router configuration

    version 12.2
    !
    hostname Cisco-3750-1
    !
    switch 1 provision ws-c3750-24ts
    ip subnet-zero
    ip routing
    !
    ip multicast-routing distributed
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    interface Loopback0
     ip address 169.254.100.1 255.255.255.255
    !
    interface FastEthernet1/0/23
     switchport access vlan 182
     switchport mode access
    !
    interface FastEthernet1/0/24
     switchport access vlan 172
     switchport mode access
    !
    interface Vlan172
     ip address 10.31.138.1 255.255.255.0
     ip pim sparse-mode
     ip igmp query-interval 125
     ip mroute-cache distributed
    !
    interface Vlan182
     ip address 169.254.82.250 255.255.255.0
     ip pim sparse-mode
     ip mroute-cache distributed
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 169.254.82.1
    ip http server
    ip pim rp-address 169.254.100.1 Source-RP
    !
    ip access-list standard Source-RP
     permit 233.254.200.0 0.0.0.255

Cisco_3750_2 router configuration

    version 12.2
    !
    hostname Cisco-3750-2
    !
    switch 1 provision ws-c3750-24ts
    ip subnet-zero
    ip routing
    !
    ip multicast-routing distributed
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    interface FastEthernet1/0/23
     switchport access vlan 138
     switchport mode access
    !
    interface FastEthernet1/0/24
     switchport access vlan 182
     switchport mode access
    !
    interface Vlan138
     ip address 10.31.138.250 255.255.255.0
     ip pim sparse-mode
     ip mroute-cache distributed
    !
    interface Vlan182
     ip address 169.254.82.1 255.255.255.0
     ip pim sparse-mode
     ip mroute-cache distributed
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.31.138.253
    ip route 169.254.100.1 255.255.255.255 169.254.82.250
    ip http server
    ip pim rp-address 169.254.100.1 Source-RP
    !
    !
    ip access-list standard Source-RP
     permit 233.254.200.0 0.0.0.255

To configure the FortiGate-800 unit - GUI:
  1. Configure the internal interface:
    1. Go to Network > Interfaces.
    2. Select the internal interface.
    3. Verify the following settings:

      | Setting | Value |
      |---|---|
      | Type | Physical Interface |
      | Addressing mode | Manual |
      | IP/Network Mask | 10.31.138.253 255.255.255.0 |
      | Administrative Access | PING |

    4. Select OK.
  2. Configure the external interface:
    1. Go to Network > Interfaces.
    2. Select the external interface.
    3. Verify the following settings:

      | Setting | Value |
      |---|---|
      | Type | Physical Interface |
      | Addressing mode | Manual |
      | IP/Network Mask | 10.31.130.253 255.255.255.0 |
      | Administrative Access | HTTPS and PING |

    4. Select OK.
  3. Add firewall addresses:
    1. Go to Policy & Objects > Addresses.
    2. Configure a firewall address called RP:
      1. Select Create New.
      2. Use the following settings:

        | Setting | Value |
        |---|---|
        | Category | Address |
        | Name | RP |
        | Type | Subnet |
        | Subnet/IP Range | 169.254.100.1/32 |
        | Interface | Any |
        | Visibility | <enabled> |

      3. Select OK.
    3. Configure a firewall address called multicast_source_subnet:
      1. Select Create New.
      2. Use the following settings:

        | Setting | Value |
        |---|---|
        | Category | Address |
        | Name | multicast_source_subnet |
        | Type | Subnet |
        | Subnet/IP Range | 169.254.82.0/24 |
        | Interface | Any |
        | Visibility | <enabled> |

      3. Select OK.
  4. Add a destination multicast address:
    1. Go to Policy & Objects > Addresses.
    2. Select Create New.
    3. Use the following settings:

      | Setting | Value |
      |---|---|
      | Category | Multicast Address |
      | Name | Multicast_stream |
      | Type | Broadcast Subnet |
      | Broadcast Subnet | 233.254.200.0/24 |
      | Interface | Any |
      | Visibility | <enabled> |

    4. Select OK.
  5. Add standard security policies to allow traffic to reach the RP.
    1. Go to Policy & Objects > IPv4 Policy.
    2. Configure the 1st policy:
      1. Select Create New.
      2. Use the following settings:

        | Setting | Value |
        |---|---|
        | Incoming Interface | internal |
        | Outgoing Interface | external |
        | Source | all |
        | Destination | RP |
        | Schedule | always |
        | Service | ALL |
        | Action | ACCEPT |

      3. Select OK.
    3. Configure the 2nd policy:
      1. Select Create New.
      2. Use the following settings:

        | Setting | Value |
        |---|---|
        | Incoming Interface | external |
        | Outgoing Interface | internal |
        | Source | RP |
        | Destination | all |
        | Schedule | always |
        | Service | ALL |
        | Action | ACCEPT |

      3. Select OK.
  6. Add the multicast security policy:
    1. Go to Policy & Objects > Multicast Policy.
    2. Select Create New.
    3. Use the following settings:

      | Setting | Value |
      |---|---|
      | Incoming Interface | external |
      | Outgoing Interface | internal |
      | Source Address | multicast_source_subnet |
      | Destination Address | multicast_stream |
      | Protocol | Any |
      | Action | ACCEPT |

    4. Select OK.
  7. Add an access list (CLI only):

    config router access-list
        edit Source-RP
            config rule
                edit 1
                    set prefix 233.254.200.0 255.255.255.0
                    set exact-match disable
                next
            end
        next
    end

  8. Add some static routes:
    1. Go to Network > Static Routes.
    2. Create the first route:
      1. Select Create New.
      2. Use the following settings:

        | Setting | Value |
        |---|---|
        | Destination | 0.0.0.0/0.0.0.0 |
        | Interface | internal |
        | Gateway Address | 10.31.130.250 |
        | Administrative Distance | <default> |
        | Priority | <default> |

      3. Select OK.
    3. Create the second route:
      1. Select Create New.
      2. Use the following settings:

        | Setting | Value |
        |---|---|
        | Destination | 169.254.0.0/16 |
        | Interface | external |
        | Gateway Address | 10.31.138.250 |
        | Administrative Distance | <default> |
        | Priority | <default> |

      3. Select OK.
  9. Configure multicast routing:
    1. Go to Network > Multicast.
    2. Add Static Rendezvous Points (RPs) for 169.254.100.1:
      1. Route 1:
        1. Select Create New.
        2. Use the following settings:

          | Setting | Value |
          |---|---|
          | Interface | internal |
          | PIM Mode | Sparse |
          | DR Priority | <not needed in this scenario> |
          | RP Candidate | <not needed in this scenario> |
          | RP Candidate Priority | <not needed in this scenario> |

        3. Select OK.
      2. Route 2:
        1. Select Create New.
        2. Use the following settings:

          | Setting | Value |
          |---|---|
          | Interface | external |
          | PIM Mode | Sparse |
          | DR Priority | |
          | RP Candidate | |
          | RP Candidate Priority | |

        3. Select OK.

Cisco_3750_3 router configuration

    version 12.2
    !
    hostname Cisco-3750-3
    !
    switch 1 provision ws-c3750-24ts
    ip subnet-zero
    ip routing
    !
    ip multicast-routing distributed
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    interface FastEthernet1/0/23
     switchport access vlan 128
     switchport mode access
    !
    interface FastEthernet1/0/24
     switchport access vlan 130
     switchport mode access
    !
    interface Vlan128
     ip address 10.31.128.130 255.255.255.252
     ip pim sparse-mode
     ip mroute-cache distributed
    !
    interface Vlan130
     ip address 10.31.130.250 255.255.255.0
     ip pim sparse-mode
     ip mroute-cache distributed
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.31.130.1
    ip http server
    ip pim rp-address 169.254.100.1 Source-RP
    !
    !
    ip access-list standard Source-RP
     permit 233.254.200.0 0.0.0.255
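
The following consistency check is an added example, not part of the Fortinet handbook. It takes the FortiGate interface addresses and static routes from steps 1, 2 and 8 and the Source-RP group range as written on each device, reports any static route whose gateway lies outside the subnet of the interface it names, and confirms that every device scopes the RP to the same multicast range; the function and variable names are illustrative.

```python
import ipaddress

# Values copied from the page: FortiGate steps 1, 2 and 8, plus the Source-RP
# group range as written on the Cisco switches (wildcard mask), in the
# FortiGate access list (netmask) and in the Multicast_stream address object.
INTERFACES = {
    "internal": ipaddress.ip_interface("10.31.138.253/255.255.255.0"),
    "external": ipaddress.ip_interface("10.31.130.253/255.255.255.0"),
}
STATIC_ROUTES = [
    {"dst": "0.0.0.0/0.0.0.0", "device": "internal", "gateway": "10.31.130.250"},
    {"dst": "169.254.0.0/16", "device": "external", "gateway": "10.31.138.250"},
]
GROUP_RANGES = {
    "Cisco Source-RP": "233.254.200.0/0.0.0.255",
    "FortiGate Source-RP": "233.254.200.0/255.255.255.0",
    "Multicast_stream": "233.254.200.0/24",
}
TESTED_GROUP = "233.254.200.1"


def off_link_routes(interfaces, routes):
    """Return the static routes whose gateway is outside the subnet of the
    interface they are bound to, with the interface that does contain it."""
    findings = []
    for route in routes:
        gateway = ipaddress.ip_address(route["gateway"])
        if gateway in interfaces[route["device"]].network:
            continue
        on_link = [n for n, i in interfaces.items() if gateway in i.network]
        findings.append((route["dst"], route["device"], route["gateway"], on_link))
    return findings


def group_range_agrees(ranges, group):
    """True when every device scopes the RP to the same multicast range and
    that range contains the group the receiver joins."""
    # ip_network() accepts prefix length, netmask and Cisco wildcard notation.
    nets = {ipaddress.ip_network(r) for r in ranges.values()}
    if len(nets) != 1:
        return False
    net = nets.pop()
    return net.is_multicast and ipaddress.ip_address(group) in net


if __name__ == "__main__":
    for dst, dev, gw, on_link in off_link_routes(INTERFACES, STATIC_ROUTES):
        print(f"route {dst} via {gw} on {dev!r}: gateway is on-link for {on_link}")
    print("RP group range consistent:", group_range_agrees(GROUP_RANGES, TESTED_GROUP))
```

With the values as printed above, both static routes are reported: each gateway falls in the subnet of the other FortiGate interface, so compare the interface addresses against the topology before applying the routes.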
