Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Multicast Issue in Layer 2: VLC Not Receiving ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Multicast Issue in Layer 2: VLC Not Receiving Stream
Hello everyone,
I am encountering issues with setting up multicast traffic in a Layer 2 environment. Although the PCs can ping each other and are correctly connected to the Wi-Fi network, the VLC client is unable to receive the multicast stream sent by OBS Studio.
Scenario
The network Lab consists of the following devices:
- 1 FortiGate
- 2 FortiSwitch
- 2 FortiAP
- 2 PCs on Wi-Fi (IPs: 172.16.0.2 and 172.16.0.3), one running OBS Studio and the other running VLC.
Topology
- FortiGate
- Port 1 connected to Port 24 on FortiSwitch 1.
- Port 2 connected to Port 24 on FortiSwitch 2.
- FortiSwitch 1 and 2
- Connected to each other through Port 23.
- FortiAP connected to Port 21 on each FortiSwitch.
Configuration
VLAN 200 for Wi-Fi Network:
- Subnet: 172.16.0.0/22
- FortiGate Gateway: 172.16.0.1
- DHCP managed by FortiGate: Range 172.16.0.100 - 172.16.0.254
IGMP Snooping Enabled on FortiSwitches and FortiAP:
- IGMP snooping is enabled globally on both FortiSwitches and FortiAP.
- IGMP Querier is disabled since multicast traffic is expected to remain within Layer 2.
- I have enabled IGMP on FSW1 and FSW2 port 21, 23 and 24 with the following commands:
config switch-controller managed-switch
edit <FortiSwitch_serial_number>
config ports
edit <port_name>
set igmp-snooping-flood-reports {enable | disable}
set mcast-snooping-flood-traffic {enable | disable}
end
end
OBS Studio Configuration:
- OBS Studio is streaming on multicast IP 239.0.0.1 on port 1234 using UDP.
VLC Configuration:
- VLC client attempts to open the stream with the following address:perludp://@239.0.0.1:1234
- VLC client attempts to open the stream with the following address:
The Issue
Although the network seems properly configured, VLC is unable to receive the multicast stream from OBS Studio. The two PCs connected to the Wi-Fi network (172.16.0.2 for VLC and 172.16.0.3 for OBS) can ping each other, so there is no basic connectivity issue. Both Windows firewalls are disabled.
Here are the troubleshooting steps I have tried, but without success
- I temporarily disabled IGMP snooping, but the issue persists.
- Multicast forwarding is enabled on the FortiGate, although no Layer 3 routing is required since this is a Layer 2 scenario.
- I tested a unicast stream from OBS Studio to VLC, and the stream works correctly, confirming that the issue is specific to multicast.
Request for Help
It seems like everything is configured properly, but multicast traffic is not being distributed correctly by the FortiSwitch or FortiAP. Has anyone experienced a similar setup or have suggestions on what to check or adjust to make multicast work in Layer 2 with VLC?
Thanks in advance for your support!
Some indications:
- The two FortiSwitches have been connected, and the FortiGate automatically configured them. (Do we need to configure any trunks for this?)
- I also tried enabling the multicast router and the policies, but it still doesn't work.
The SSIDs are configured in bridge mode, and I have enabled IGMP on both the SSID interfaces and the VLAN 200 interface.
The two APs are connected in native VLAN 100 (Management) and allowed VLAN 200 (Wi-Fi).
I might be making mistakes in enabling multicast and IGMP. I've tried following different guides from Fortinet, but they all say different things, so I'm getting confused.
Solved! Go to Solution.
Labels:
- Labels:
-
FortiGate
-
Fortiswitch
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Thonno,
If the FortiGate configuration includes multicast PIM-SM with a static group entry, multicast forwarding must be disabled. This is because the FortiGate can support either forwarding or routing per VDOM at any given time, not both simultaneously.
Akilesh
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Thonno,
Based on your explanation, it seems no further changes to VLAN or trunk configurations are required, as unicast connectivity between the receiver and sender is functioning correctly.
Since your setup only involves a multicast sender and receiver, there is no need for multicast routing. However, ensure that multicast-forwarding is enabled and that the multicast policy between the relevant interfaces is correctly configured. If the issue persists, capturing sniffer logs using the following command may assist with further troubleshooting:
`di sniffer packet any "host xx.xx.xx.xx" 4 0 l`
(Replace xx.xx.xx.xx with the multicast group IP address.)
Akilesh
Created on 10-08-2024 04:09 AM Edited on 10-08-2024 04:11 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I resolved the issue. The problem was caused by the PC running OBS, which had some unknown issues. After changing the PC, the multicast streaming in Layer 2 is now working.
I modified the infrastructure so that the PC with OBS is on a different VLAN than the users connected via Wi-Fi.
Here are the steps I followed:
BASIC CONFIGURATION:
Create a multicast router on:
- Wi-Fi users VLAN
- Wi-Fi regia VLAN
Enable multicast forwarding:
config system settingsset multicast-forward enableendEnable multicast on SSIDs (multicast-to-unicast):
config wireless-controller vapedit "SSID_NAME"set multicast-enhance enablenextend
TUNING:
Enable IGMP snooping on:
- Wi-Fi users VLAN
- Wi-Fi regia VLAN
Create a static group:
config router multicast-flowedit static-groupconfig flowsedit 1set group-addr 239.0.0.1set source-addr 10.10.16.2 #PC Regia IPnextendnextendAssign static group to multicast routers (both WIFI_USERS and WIFI_REGIA):
config router multicastconfig interfaceedit WIFI_REGIAset multicast-flow static-groupset static-group static-groupnextedit WIFI_USERSset multicast-flow static-groupset static-group static-groupendSet FortiGate as Querier (on both WIFI_USERS and WIFI_REGIA):
config system interfaceedit WIFI_USERSset switch-controller-igmp-snooping enableset switch-controller-igmp-snooping-proxy enableset switch-controller-igmp-snooping-fast-leave enablenextedit WIFI_REGIAset switch-controller-igmp-snooping enableset switch-controller-igmp-snooping-proxy enableset switch-controller-igmp-snooping-fast-leave enablenextendDisable unknown multicast flooding:
config switch-controller igmp-snoopingset flood-unknown-multicast disableend
Do you think there are any other adjustments I should make to improve the flow and avoid network congestion? The infrastructure is designed to support more than 1,000 users connected simultaneously to 12 APs (with 12 different SSIDs, all in bridge mode).
The goal is to ensure that the firewall acts as a querier without overloading the network.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Thonno,
If the FortiGate configuration includes multicast PIM-SM with a static group entry, multicast forwarding must be disabled. This is because the FortiGate can support either forwarding or routing per VDOM at any given time, not both simultaneously.
Akilesh
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Multicast Issue in Layer 2: VLC... 400 Views
- Fortigate 60F Sending Wrong LOGS to... 1104 Views
- config join-group vs static IGMP group 1068 Views
- IPTV blocking connection 1552 Views
- Multicast stream loss 1326 Views
Labels
-
FortiGate
8,501 -
FortiClient
1,722 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
Fortiswitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
188 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.