SRX Services Gateway
SRX Services Gateway

Multicast PIM IGMP Apple tv and bonjour

‎05-23-2014 06:44 PM

hi guys,

 

after couple of days searching and configuring, i still didnt get the apple tv work from another subnet.

 

i have got a next setup:

 

AppleTV 192.168.3.x  (fe03) --------- SRX--------- (ge01) 192.168.1.10 Cisco Wifi Router ^^^^^ 10.35.132.x iphone/ipad

 

on the wifi Router is the NAT disabled.

 

i want to set PIM on the SRX but i think i got some kind of bug, because i cant enable it, because it cant find any interface-name when i want to set the pim.

 

 

#########################################################

serdar@SRX210# set protocols pim interface ?

Possible completions:
<interface_name> Interface name
[edit]
serdar@SRX210# set protocols pim interface

#########################################################

 

 

 

as you see i cant find any interface... when i fill it in :

 

#########################################################

[edit]

serdar@SRX210# set protocols pim interface ge-0/0/1.0 mode dense

[edit]
serdar@SRX210# commit
[edit protocols pim]
'interface'
PIM: interface ge-0/0/1.0 not configured under instance
error: configuration check-out failed

#########################################################

 

 

i already got the next policies etc:

 

set protocols igmp interface ge-0/0/1.0 accounting
set protocols igmp interface fe-0/0/3.0 accounting

 

set security policies from-zone TRUST to-zone TRUST policy 1 match source-address NET_192.168.1.0
set security policies from-zone TRUST to-zone TRUST policy 1 match source-address NET_192.168.2.0
set security policies from-zone TRUST to-zone TRUST policy 1 match source-address NET_192.168.3.0
set security policies from-zone TRUST to-zone TRUST policy 1 match destination-address NET_192.168.1.0
set security policies from-zone TRUST to-zone TRUST policy 1 match destination-address NET_192.168.2.0
set security policies from-zone TRUST to-zone TRUST policy 1 match destination-address NET_192.168.3.0
set security policies from-zone TRUST to-zone TRUST policy 1 match application any
set security policies from-zone TRUST to-zone TRUST policy 1 then permit
set security policies from-zone TRUST to-zone TRUST policy 2 match source-address NET_10.35.132.0
set security policies from-zone TRUST to-zone TRUST policy 2 match destination-address any
set security policies from-zone TRUST to-zone TRUST policy 2 match application any
set security policies from-zone TRUST to-zone TRUST policy 2 then permit
set security policies from-zone TRUST to-zone TRUST policy 3 match source-address any
set security policies from-zone TRUST to-zone TRUST policy 3 match destination-address NET_10.35.132.0
set security policies from-zone TRUST to-zone TRUST policy 3 match application any
set security policies from-zone TRUST to-zone TRUST policy 3 then permit

 

 

set security zones security-zone TRUST host-inbound-traffic system-services all
set security zones security-zone TRUST host-inbound-traffic protocols all
set security zones security-zone TRUST interfaces ge-0/0/1.0
set security zones security-zone TRUST interfaces fe-0/0/3.0 host-inbound-traffic system-services all

 

set routing-instances PRODUCTION routing-options static route 10.35.132.0/24 next-hop 192.168.1.10

 

 

any help would be very appriciated !!!

 

THX!!!

3 REPLIES 3
SRX Services Gateway

Re: Multicast PIM IGMP Apple tv and bonjour

‎05-24-2014 02:22 AM

Hello,

We get the configuration check-out failed error when the interface that is part of a routing-instance /virtual-router is used to enable PIM in the inet VR.

 

Please check the interface is part of a diffrent VR or not. I will suggest to use an interface on inet VR for PIM dense mode.

 

-CK

SRX Services Gateway

Re: Multicast PIM IGMP Apple tv and bonjour

‎05-24-2014 05:14 AM

hi,

 

yes it is part of a VR:

 

set routing-instances PRODUCTION instance-type virtual-router
set routing-instances PRODUCTION interface ge-0/0/0.0
set routing-instances PRODUCTION interface ge-0/0/1.0
set routing-instances PRODUCTION interface fe-0/0/2.1000
set routing-instances PRODUCTION interface fe-0/0/2.1127
set routing-instances PRODUCTION interface fe-0/0/3.0
set routing-instances PRODUCTION interface fe-0/0/4.0
set routing-instances PRODUCTION interface fe-0/0/5.0
set routing-instances PRODUCTION interface fe-0/0/7.0

 

is it not possible that the firewall checks for the Bonjour on a interface and send this through a routed network to the wifi subnet?

SRX Services Gateway

Re: Multicast PIM IGMP Apple tv and bonjour

‎05-24-2014 08:02 AM

Hello,

 

You can configure for PIM on the routing instance as below.

 

set routing-instances PRODUCTION interface <interface name > protocol mode dense.

 

In the past , I had issues with PIM dense mode when PIM interface was on the VR. Issue got resolved when I moved the interface to the inet VR /default VR.