Sean,

If you're using IB Virtual Gateway, and Multicast is not passing, I don't think it's a CCA issue, or at least you wouldn't need to work around the CCA router.

It sounds like the Authenticated VLAN or the router is not Multicast enabled.

I think you have to issue an ip multicast-routing command to enable Multicast on the router, then on each VLAN that you want to route Multicast you issue ip pim sparse-mode

for example:

interface Vlan1050
 description Client Access Vlan
 ip address 10.1.50.254 255.255.255.0
 ip helper-address 10.2.1.11
 ip helper-address 10.2.1.12
 ip pim sparse-mode
!

It's a bit of a dense read, but Cisco has a really good Multicast design guide:
http://www.cisco.com/application/pdf/en/us/guest/tech/tk363/c1501/ccmigration_09186a008015e7cc.pdf

PIM Sparse mode is the recommended way of deploying.

On Jan 9, 2008 5:46 PM, Hennessey, Sean <[EMAIL PROTECTED]> wrote:

> Thanks Mike!
>
> According to our tech support staff it's not working via multicast even
> when they are logged in and the roles of their profile should not block it.
> I have written already to ask Don to share some examples. I really
> appreciate your help!
>
> - Sean
>
> ----
> Sean Hennessey
> Networking and Information Security Systems Administrator
> The University of Portland
> ------------------------------
> *From:* Cisco Clean Access Users and Administrators [mailto:
> [EMAIL PROTECTED] *On Behalf Of* Mike King
> *Sent:* Wednesday, January 09, 2008 4:30 AM
> *To:* [email protected]
> *Subject:* Re: Clean Access and Ghost/Multicast
>
> Sean, If the workstations are logged on, your problem is not CCA. Just
> wanted to throw that out there. (Since in IB Virtual-Gateway, Multicast is
> supported ONCE you log in)
>
> If they are not logged in, then they are routing thru CCA. That is the
> only Case where this scenario works.
>
> You would create a routing interface for the untrusted VLAN on the router
> BEFORE the clients Subnet gets to CCA. (Bear with me here for a second, I
> know this is against the implementation of CCA rules) By routing interface,
> I mean interface vlan X in cisco IOS.
> If you have a different brand
> router, I'm not sure of the command.
> Give the interface an IP outside of your normal network. I'd recommend
> starting with 1.1.2.1/32 and working up from there. (DO NOT EVER USE
> 1.1.1.1, other equipment uses this by default sometimes)
>
> Give this interface the multicast commands. (ip pim sparse (I think))
>
> This will give multicast traffic a way around CCA, but not allow anyone in
> Unicast land to be able to route around CCA.
>
> Is this enough to get you going? I'm sure Don or I could provide specific
> examples if necessary.
>
> Mike
>
> On Jan 8, 2008 11:11 AM, Hennessey, Sean <[EMAIL PROTECTED]> wrote:
>
> Hi Mike –
>
> Thanks for your ideas! You actually have helped somewhat and whatever
> confusion there is remains my own… :)
>
> We are running IB-Virtual Gateway and are trying to span subnets – from a
> server subnet that does not go through CCA to access the network to
> workstation subnets that do. I would really appreciate it if you could go
> into the details of the workaround you offered. Please let me know if
> there's any more specs I can offer on our setup to help.
>
> Thank you again for your help!
>
> - Sean
>
> ----
> Sean Hennessey
> Networking and Information Security Systems Administrator
> The University of Portland
> ------------------------------
> *From:* Cisco Clean Access Users and Administrators [mailto:
> [EMAIL PROTECTED] *On Behalf Of* Mike King
> *Sent:* Monday, January 07, 2008 6:47 PM
> *To:* [email protected]
> *Subject:* Re: Clean Access and Ghost/Multicast
>
> Hi Sean,
>
> To answer your question we'd need a bit more info.
>
> To start with, I assume you are trying to multicast across multiple
> subnets. (IE, your GhostCast server is on the other side of CCA)
>
> CCA has varying support for Multicast.
>
> What mode are you running CCA? OOB? IB-Real IP Gateway?
> IB-Virtual-Gateway?
>
> Clean Access IB-Real-IP-Gateway does NOT Directly support Multicast.
> More
> specifically the software router engine in CCA does not support Multicast.
> If you are using one of the modes where you are utilizing something else as
> a router (OOB, IB-Virtual-Gateway) then Multicast is dependent on your
> actual router, but this assumes the client is already logged in.
>
> For IB-Real-IP-Gateway, there is a technical workaround to allow multicast
> to work. I'll go into it if you want.
>
> So Did I answer your question, or confuse you worse?
>
> Mike
>
> On Jan 7, 2008 5:18 PM, Hennessey, Sean <[EMAIL PROTECTED]> wrote:
>
> Hi all –
>
> The techs that work here with me have been unable to use Ghost to image
> multiple systems at a time. They are able to Unicast fine for one machine at
> a go, but when it becomes multiple it fails. We are thinking it might have
> to do with the switch from Unicast's specific IP addressing to Multicast's
> using a multicast address.
>
> Has anyone else encountered this beast and successfully slain it? We are
> running 4.1.3 but the problem has persisted through every flavor of Clean
> Access we've used.
>
> Thanks!
>
> - Sean
>
> ----
> Sean Hennessey
> Networking and Information Security Systems Administrator
> The University of Portland
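
The reply at the top of this thread names two things to check on the router: a global ip multicast-routing statement and ip pim sparse-mode on each routed VLAN. The script below is an added example, not part of the original thread and not Cisco tooling; it audits a saved running-config for both. The sample config is constructed, and Vlan1060 and Vlan1070 are invented for the example.

```python
import re

# Constructed sample running-config; Vlan1060 and Vlan1070 are invented here.
SAMPLE_CONFIG = """\
ip multicast-routing
!
interface Vlan1050
 description Client Access Vlan
 ip address 10.1.50.254 255.255.255.0
 ip pim sparse-mode
!
interface Vlan1060
 description Imaging Server Vlan
 ip address 10.1.60.254 255.255.255.0
!
interface Vlan1070
 no ip address
 shutdown
!
"""

def audit_multicast(config_text):
    """Return (global_enabled, {svi: pim_mode_or_None}) for routed, active SVIs."""
    global_enabled, svis, current = False, {}, None
    for line in config_text.splitlines():
        if not line.startswith(" "):      # top-level line ends any interface block
            current = None
            if line.strip().startswith("ip multicast-routing"):
                global_enabled = True
            m = re.fullmatch(r"interface (Vlan\d+)\s*", line)
            if m:
                current = svis.setdefault(
                    m.group(1), {"pim": None, "routed": False, "down": False})
            continue
        if current is None:
            continue
        stmt = line.strip()
        if re.match(r"ip address \d", stmt):
            current["routed"] = True
        elif stmt == "shutdown":
            current["down"] = True
        else:
            m = re.fullmatch(r"ip pim (\S+-mode)", stmt)
            if m:
                current["pim"] = m.group(1)
    active = {n: s["pim"] for n, s in svis.items() if s["routed"] and not s["down"]}
    return global_enabled, active

def svis_missing_sparse_mode(config_text):
    """Routed, active SVIs that lack the ip pim sparse-mode statement."""
    enabled, active = audit_multicast(config_text)
    return enabled, sorted(n for n, mode in active.items() if mode != "sparse-mode")
```

On the sample, the audit reports multicast routing enabled globally and flags Vlan1060 as a routed VLAN with no PIM configured; the shut-down Vlan1070 is ignored.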
