FortiWLC – Multicast


Multicast is a technique frequently used for the delivery of streaming media, such as video, to a group of destinations simultaneously. Instead of sending a copy of the stream to each client, clients share one copy of the information, reducing the load on the network. Multicast is an advanced feature and can cause subtle changes in your network. By default, multicast is disabled and should be enabled only for specific circumstances. Possible multicast applications include:

  • Broadcast via cable or satellite to IPTV (for example, Vbrick or Video Furnace)
  • Any broadcast application (for example, CEO address to company)
  • Distance learning (live lectures)
  • Video surveillance
  • Video conferencing

For multicast to work, you need to complete these four tasks:

  • Enable Virtual Port on AP400s – see “Configuring Virtual Port Support for AP400 with the CLI” on page 151 and “Configuring Probe Response Threshold” on page 153 for directions.
  • Enable IGMP snooping on the controller – see “Configuring IGMP Snooping on Controllers and APs” on page 163.
  • Enable IGMP snooping on the network infrastructure, including intermediary switches. You must do this because FortiWLC controllers do not source multicast group membership queries. We rely (as do most controllers) on the switches to perform that task.
  • Map a Virtual Cell enabled ESS with the default VLAN – see “Assigning a VLAN with the CLI” on page 156.

Configuring IGMP Snooping on Controllers and APs

Multicasting is implemented using IGMP snooping. In FortiWLC (SD) release 3.6, IGMP snooping was only done at the controller; the controller knew which clients were subscribed to specific multicast streams and sent the data for the subscribed multicast stream only to the APs with clients currently being serviced. Since the AP didn’t know which clients subscribed to the specific stream, it would send multicast streams to all clients currently being serviced by the AP. (With Virtual Port, there would be N copies, one for each client). This wasted airtime and created unnecessary traffic and contention.

In release 4.0 and later, IGMP snooping is done by both the controller and the AP400s (excluding AP1000) when using Virtual Cell. The controller passes the client subscription list for multicast streams to the AP400, which limits the multicast streams to only subscribed clients, reducing wireless traffic and saving time. (There are no changes in sending multicasts for stations connected to non-Virtual Cell ESS profiles.)
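To illustrate the difference between controller-only snooping (release 3.6) and controller-plus-AP snooping (release 4.0 and later) described above, the following added Python example, which is not FortiWLC code, models a subscription table built from IGMPv2 reports and leaves. The class, AP, and station names are hypothetical, and the 8-byte IGMPv2 message layout is an assumption about the traffic being snooped.

```python
import socket
import struct
from collections import defaultdict

IGMP_V2_REPORT, IGMP_V2_LEAVE = 0x16, 0x17  # IGMPv2 type codes (RFC 2236)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; a valid message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmp(msg_type: int, group: str) -> bytes:
    """Build an 8-byte IGMPv2 message (used only for constructed samples)."""
    body = struct.pack("!BBH4s", msg_type, 0, 0, socket.inet_aton(group))
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

class SnoopTable:
    """Hypothetical model of a subscription table: group -> {(ap, station)}."""
    def __init__(self):
        self.subs = defaultdict(set)

    def snoop(self, ap: str, station: str, payload: bytes) -> bool:
        """Apply one IGMPv2 payload; return False for malformed input."""
        if len(payload) < 8 or inet_checksum(payload) != 0:
            return False
        msg_type, _, _, raw = struct.unpack("!BBH4s", payload[:8])
        group = socket.inet_ntoa(raw)
        if msg_type == IGMP_V2_REPORT:
            self.subs[group].add((ap, station))
        elif msg_type == IGMP_V2_LEAVE:
            self.subs[group].discard((ap, station))
        else:
            return False
        return True

    def recipients(self, group: str, associated: dict, ap_snooping: bool) -> set:
        """associated maps each AP to the stations it currently serves."""
        members = self.subs.get(group, set())
        if ap_snooping:                    # AP also snoops: only subscribers
            return set(members)
        aps = {ap for ap, _ in members}    # controller-only: AP sends to all
        return {(ap, sta) for ap in aps for sta in associated.get(ap, set())}

# Constructed sample: three stations on ap1, one on ap2.
ASSOCIATED = {"ap1": {"sta-a", "sta-b", "sta-c"}, "ap2": {"sta-d"}}
```

With one subscriber on an AP serving three stations, `recipients(..., ap_snooping=False)` returns all three stations while `ap_snooping=True` returns only the subscriber, which is the airtime saving the text describes.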


Commands to Configure IGMP Snooping

The following command is used to enable/disable IGMP snooping on the controller and APs: igmp-snoop state [enable, disable]

Command to show igmp-snoop status: show igmp-snoop

Command to see which multicast groups are currently active: show igmp-snoop forwarding-table

Command to see which stations have joined multicast groups: show igmp-snoop subscription-table


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
