Cisco Systems CL-28826-01 Configuring IGMP

53-2

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 53 Configuring Multicast Policies on Firewall Devices

Configuring IGMP

Navigation Path

•(Device view) Select Platform > Multicast > Enable PIM and IGMP from the Device Policy

selector.

•(Policy view) Select PIX/ASA/FWSM Platform > Multicast > Enable PIM and IGMP from the

Policy Type selector. Select an existing policy from the Shared Policy selector, or create a new one.

Related Topics

•Configuring IGMP, page53-2

•Configuring Multicast Routes, page 53-8

•Configuring Multicast Boundary Filters, page 53-9

•Configuring PIM, page 53-11

Configuring IGMP

Internet Protocol hosts use IGMP to report their group memberships to directly connected multicast

routers. Internet Group Management Protocol (IGMP) uses group-address (Class D) IP addresses.

Host group addresses can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is never

assigned to any group. The address 224.0.0.1 is assigned to all systems on a subnet. The address

224.0.0.2 is assigned to all routers on a subnet.

The IGMP page provides four tabbed panels, used to configure and manage IGMP in Security Manager:

•IGMP Page - Protocol Tab, page53-3 – This panel displays interface-specific IGMP parameters;

you can disable IGMP and change IGMP parameters.

•IGMP Page - Access Group Tab, page53-5 – Lets you manage access groups that restrict the

multicast sources allowed on an interface.

•IGMP Page - Static Group Tab, page53-6 – Sometimes, hosts on a network may have a

configuration that prevents them from answering IGMP queries; however, you still want multicast

traffic to be forwarded to that network segment. There are two methods to pull multicast traffic down

to a network segment:

–

Use the Join Group tab to configure the interface as a member of the multicast group. With this

method, the security appliance accepts the multicast packets in addition to forwarding them to

the specified interface.

–

Use the Static Group tab to configure the security appliance to be a statically connected member

of a group. With this method, the security appliance does not accept the packets itself, but only

forwards them. Therefore, this method allows fast switching. The outgoing interface appears in

the IGMP cache, but itself is not a member of the multicast group.

Use this tab to statically assign a multicast group to an interface, or change existing static group

assignments.

•IGMP Page - Join Group Tab, page 53-7 – Use this tab to manage the multicast groups to which the

security appliance belongs.

Note If you simply want to forward multicast packets for a specific group to an interface without

the security appliance accepting those packets as part of the group, see IGMP Page - Static

Group Tab, page 53-6.