If an IP rule exists in the rule set which applies to a multicast packet's destination IP address, then
that Ethernet interface automatically gets its receive mode set to promiscuous in order to receive
multicast packets.
Promiscuous mode
means that traffic with a destination MAC address that does
not match the Ethernet interface's MAC address will be sent to NetDefendOS and not discarded
by the interface. Promiscuous mode is enabled automatically by NetDefendOS and the
administrator does not need to worry about doing this.
With multicast only, the usage of promiscuous mode can be explicitly controlled using the
Ethernet
object property
Receive Multicast Traffic
which has a default value of
Auto
. If this
property is set to
Off
, the multicast forwarding feature cannot function.
If the administrator enters a CLI
ifstat <ifname> command
, the
Receive Mode
status line will show
the value
Promiscuous
next to it instead of
Normal
to indicate the mode has changed. This is
discussed further in
Section 3.4.2, “Ethernet Interfaces”
4.7.2. Multicast Forwarding with SAT Multiplex Rules
The SAT Multiplex rule is used to achieve duplication and forwarding of packets through more
than one interface. This feature implements multicast forwarding in NetDefendOS, where a
multicast packet is sent through several interfaces.
Note that since this rule overrides the normal routing tables, packets that should be duplicated
by the multiplex rule needs to be routed to the core interface.
By default, the multicast IP range
224.0.0.0/4
is always routed to core and does not have to be
manually added to the routing tables. Each specified output interface can individually be
configured with static address translation of the destination address. The Interface field in the
Interface/Net Tuple dialog may be left empty if the IPAddress field is set. In this case, the
output interface will be determined by a route lookup on the specified IP address.
The multiplex rule can operate in one of two modes:
•
Using IGMP
The traffic flow specified by the multiplex rule must have been requested by hosts using
IGMP before any multicast packets are forwarded through the specified interfaces. This is the
default behavior of NetDefendOS.
•
Not using IGMP
The traffic flow will be forwarded according to the specified interfaces directly without any
inference from IGMP.
Note: An Allow or NAT rule is also needed
Since the Multiplex rule is a
SAT
rule, an
Allow
or
NAT
rule also has to be specified as
well as the
Multiplex rule
.
4.7.2.1. Multicast Forwarding - No Address Translation
This scenario describes how to configure multicast forwarding together with IGMP. The multicast
sender is
192.168.10.1
and generates the multicast streams
239.192.10.0/24:1234
. These multicast
streams should be forwarded from interface wan through the interfaces
if1
,
if2
and
if3
. The
streams should only be forwarded if some host has requested the streams using the IGMP
protocol.
The example below only covers the multicast forwarding part of the configuration. The IGMP
Chapter 4: Routing
362
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...