Sean,

If the workstations are logged on, your problem is not CCA. Just wanted to throw that out there. (Since in IB Virtual-Gateway, Multicast is supported ONCE you log in)

If they are not logged in, then they are routing thru CCA. That is the only case where this scenario works.

You would create a routing interface for the untrusted VLAN on the router BEFORE the client's subnet gets to CCA. (Bear with me here for a second, I know this is against the implementation of CCA rules)

By routing interface, I mean interface vlan X in Cisco IOS. If you have a different brand router, I'm not sure of the command.

Give the interface an IP outside of your normal network. I'd recommend starting with 1.1.2.1/32 and working up from there. (DO NOT EVER USE 1.1.1.1, other equipment uses this by default sometimes)

Give this interface the multicast commands. (ip pim sparse (I think))

This will give multicast traffic a way around CCA, but not allow anyone in Unicast land to be able to route around CCA.

Is this enough to get you going? I'm sure Don or I could provide specific examples if necessary.

Mike

On Jan 8, 2008 11:11 AM, Hennessey, Sean <[EMAIL PROTECTED]> wrote:

> Hi Mike –
>
> Thanks for your ideas! You actually have helped somewhat and whatever confusion there is remains my own… :)
>
> We are running IB-Virtual Gateway and are trying to span subnets – from a server subnet that does not go through CCA to access the network to workstation subnets that do. I would really appreciate it if you could go into the details of the workaround you offered. Please let me know if there's any more specs I can offer on our set up to help.
>
> Thank you again for your help!
>
> - Sean
>
> ----
> Sean Hennessey
> Networking and Information Security Systems Administrator
> The University of Portland
>
> ------------------------------
>
> *From:* Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] *On Behalf Of* Mike King
> *Sent:* Monday, January 07, 2008 6:47 PM
> *To:* [email protected]
> *Subject:* Re: Clean Access and Ghost/Multicast
>
> Hi Sean,
>
> To answer your question we'd need a bit more info.
>
> To start with, I assume you are trying to multicast across multiple subnets. (IE, your GhostCast server is on the other side of CCA)
>
> CCA has varying support for Multicast.
>
> What mode are you running CCA? OOB? IB-Real IP Gateway? IB-Virtual-Gateway?
>
> Clean Access IB-Real-IP-Gateway does NOT directly support Multicast. More specifically the software router engine in CCA does not support Multicast. If you are using one of the modes where you are utilizing something else as a router (OOB, IB-Virtual-Gateway) then Multicast is dependent on your actual router, but this assumes the client is already logged in.
>
> For IB-Real-IP-Gateway, there is a technical workaround to allow multicast to work. I'll go into it if you want.
>
> So did I answer your question, or confuse you worse?
>
> Mike
>
> On Jan 7, 2008 5:18 PM, Hennessey, Sean <[EMAIL PROTECTED]> wrote:
>
> Hi all –
>
> The techs that work here with me have been unable to use Ghost to image multiple systems at a time. They are able to Unicast fine for one machine at a go, but when it becomes multiple it fails. We are thinking it might have to do with the switch from Unicast's specific IP addressing to Multicast's using a multicast address.
>
> Has anyone else encountered this beast and successfully slain it? We are running 4.1.3 but the problem has persisted through every flavor of Clean Access we've used.
>
> Thanks!
>
> - Sean
>
> ----
> Sean Hennessey
> Networking and Information Security Systems Administrator
> The University of Portland
